Jump to content
Welcome to our new Citrix community!
  • 0

Security Vulnerability: How to Update XenApp 7.15 LTSR CU3 SQL Express 2014 LocalDB?

Joshua Bilsky1709151488


We're seeing a vulnerability show up on our Nessus scans on our XenApp 7.15 LTSR CU3 delivery controllers for SQL 2014 LocalDB. I tried to apply the latest cumulative update for SQL Server 2014 SP2 but it did not update the files https://support.microsoft.com/en-us/help/4500180/cumulative-update-18-for-sql-server-2014-sp2


Any ideas on how to patch LocalDB. We do use local host cache so we want to preserve that functionality.

Link to comment

4 answers to this question

Recommended Posts

  • 0
1 minute ago, George David1709152738 said:

did you ever get an answer here? 


No.  I opened a case with Citrix on this topic as they bundle the LocalDB package in the 7.15 LTSR installation.  The CU4 installer has the same vulnerable version of LocalDB as CU3.  Citrix support was of no help.  Their response was LocalDB is a Microsoft technology, and that I should work with our DBAs to resolve the issue. 


From my research, it looks like the SQL 2014 SP2 LocalDB can be updated to the 2014 SP3 LocalDB. However the cumulative updates for SQL cannot be applied to LocalDB. I tested the scenario on a machine that did not have Citrix installed. I installed 2014 SP2 LocalDB from the SQL Express download package and then updated it to 2014 SP3. This would put us at the base level of 2014 SP3 as the cumulatives cannot be applied.  I have yet to do this on my Citrix environment though as I was hoping maybe Citrix or Microsoft would provide an official solution.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...