SQL Server 2017 Cumulative Update 19: The Latest Fixes and Improvements

What Does SQL Server 2017 Cumulative Update 19 Fix?

SQL Server 2017 Cumulative Update 19 (CU19) addresses several significant bugs affecting database stability, query performance, and patch installation reliability. Released by Microsoft under KB4535007, this update is recommended for all SQL Server 2017 environments, particularly those running VSS-based backups or experiencing slow query performance with string functions. If you're running SQL Server 2017 in production, CU19 contains fixes that directly affect uptime and performance.

Keeping SQL Server patched isn't just good hygiene. It's a practical necessity. Each cumulative update bundles fixes for issues that may not have been obvious at initial release but surface under real production workloads. CU19 is a good example of that pattern.

Why Cumulative Updates Matter in Production Environments

Microsoft releases cumulative updates for SQL Server on a regular cadence, typically monthly for actively supported versions. These updates are cumulative, meaning each one contains all the fixes from previous CUs. You don't need to apply them in sequence.

That said, many organisations fall behind on patching. The reasons are understandable: change control processes, testing requirements, and the general risk-aversion that comes with touching production databases. But running significantly out-of-date cumulative updates carries its own risks, including exposure to known bugs that have already been resolved upstream.

CU19 for SQL Server 2017 is a strong example of why staying current pays off. Several of the fixes in this update address issues that can cause real operational pain, not edge cases.

What Are the Key Fixes in SQL Server 2017 CU19?

Here's a breakdown of the most operationally significant fixes included in SQL Server 2017 Cumulative Update 19.

VSS Backup Causing Indefinite Frozen I/O State

This is arguably the most critical fix in CU19. In affected environments, a database could become stuck in a frozen I/O state indefinitely when backed up using Volume Shadow Copy Service (VSS). Under normal circumstances, VSS freezes database I/O briefly during snapshot creation, then releases it. The bug prevented that release from occurring correctly.

The practical impact is severe. A database stuck in frozen I/O is unresponsive. Queries queue up, applications time out, and the only resolution is typically a SQL Server restart. For any environment relying on VSS-based backup tools, including many enterprise backup products that integrate with SQL Server's VSS writer, this bug represents a genuine availability risk.

If you've experienced unexplained database hangs following backup windows and haven't yet applied CU19, this fix alone justifies the update.

MDS and LocalDB Patch Installation Failures

Another fix addresses a failure condition where Master Data Services (MDS) and LocalDB patch installations would fail when applying a newer cumulative update to SQL Server 2016 or 2017. This is a particularly frustrating class of bug because it prevents you from patching correctly, which compounds over time as you fall further behind.

The fix ensures patch installations complete successfully, which is a prerequisite for everything else working as expected.

Slow Query Performance with UPPER, LOWER, and RTRIM

This fix addresses a performance regression affecting queries that use string functions, specifically UPPER, LOWER, and RTRIM in query predicates, when running under the default cardinality estimator (CE) in SQL Server 2017.

The cardinality estimator is responsible for estimating how many rows a query will return, which directly drives the query plan the optimiser selects. When CE produces poor estimates for predicates involving these string functions, the result is suboptimal plans and slower query execution. In data-intensive environments where these functions appear frequently in WHERE clauses or JOIN conditions, the performance impact can be measurable.

This is a good reminder that query performance problems aren't always caused by missing indexes or poorly written queries. Sometimes the issue sits at the engine level, and patching is the fix.

CAB File Updates for R and Python Runtimes

CU19 also includes updated CAB files for the R and Python runtime features introduced with SQL Server 2017's Machine Learning Services. These updated packages contain their own bug fixes and should be applied if your environment uses in-database analytics with R or Python.

If you're not using Machine Learning Services, this particular component is less relevant, but it's worth noting for environments that do.

How Do You Apply SQL Server 2017 CU19?

Applying a cumulative update to SQL Server 2017 follows a straightforward process, but there are a few things to get right before you start.

Before you apply the update:

1. Verify your current SQL Server version by running SELECT @@VERSION in SSMS. SQL Server 2017 CU19 brings the build number to 14.0.3281.6.
2. Take a full backup of all databases, including system databases.
3. Review the KB article (KB4535007) on the Microsoft Support site for any known issues or prerequisites specific to your environment.
4. Test in a non-production environment first if your change control process requires it.
5. Schedule a maintenance window. The SQL Server service will need to restart.

Applying the update:

1. Download the CU19 package from the Microsoft Update Catalog or the link in KB4535007.
2. Run the installer with administrative privileges.
3. Follow the installation wizard, selecting the SQL Server instance you want to update.
4. Allow the installer to complete and restart the SQL Server service.
5. Verify the updated build number with SELECT @@VERSION after the restart.

If your environment includes MDS or LocalDB components, this update specifically addresses installation failures for those, so apply it to those components as well.

Should You Apply CU19 If You're Already on a Later CU?

If your SQL Server 2017 instance is already running a cumulative update higher than CU19, you don't need to apply CU19 separately. All fixes from CU19 are included in subsequent updates. The current latest cumulative update for SQL Server 2017 should be your target if you're patching from scratch.

Check the Microsoft SQL Server 2017 build versions page to confirm the latest available CU before planning your patching cycle.

What About SQL Server 2017 End of Support?

SQL Server 2017 mainstream support ended in October 2022, with extended support running until October 2027. Microsoft continues to release cumulative updates during the extended support phase, but the focus shifts to security fixes rather than new features or broad bug fixes.

If you're still running SQL Server 2017, you have runway until 2027, but now is a reasonable time to start planning your upgrade path to SQL Server 2022 or evaluating Azure SQL options. Running on an older version with a defined end-of-support date introduces risk that compounds over time, particularly around security.

Key Takeaways

• SQL Server 2017 CU19 (KB4535007) fixes a critical bug where VSS backups could leave databases in a permanently frozen I/O state, causing full database unavailability.
• A fix for slow query performance with UPPER, LOWER, and RTRIM predicates under the default cardinality estimator is included, which can have measurable impact in string-heavy workloads.
• MDS and LocalDB patch installation failures when applying newer CUs are resolved in this update.
• Cumulative updates are cumulative. Applying the latest CU for your version covers all previous fixes, including those in CU19.
• SQL Server 2017 extended support runs until October 2027. Staying patched is essential, but planning your upgrade path should be on the agenda.

Staying current with SQL Server cumulative updates is one of the most straightforward ways to reduce operational risk, but it requires a disciplined patching process and proper testing before changes hit production. If your organisation doesn't have a structured SQL Server patching programme in place, that's a gap worth addressing.

DBA Services provides SQL Server health checks and managed support for Australian organisations running SQL Server environments. If you're unsure about your current patch levels or want help establishing a reliable patching cadence, get in touch with our team.