MSSQL Vulnerabilities

  • Do we have to review the monthly Microsoft security bulletin to identify vulnerabilities affecting SQL Server? If so, do we have to apply them every month on the server? Please clarify.

    My current SQL edition: SQL Server 2008 R2 SP2 Enterprise

    Windows: Windows Server 2008 R2 SP1

  • The classic answer would be: it depends. It's impossible to "clarify". But it's always good to know what vulnerabilities have been detected and fixed...

    Once you know, you'll need to verify if the issue described will apply to your environment (Hardware, Software, Network, Firewall, DMZ ...).

    If so, you'll need to check if the fix won't stop your system (e.g. due to a dedicated software or hardware component that needs to be updated first).

    The rest would be the "standard procedure": install in Dev environment, test, test, and test, have the rollback guideline handy and verified and, finally, roll it out to production.

    At our company the whole process is called "Patch Management". We try to know as much as possible regarding vulnerabilities (not only the fixes, but also the exploits found) but change the production system as infrequently as possible. The gap in between is part of our "Risk Management". 😉



    Lutz
    A pessimist is an optimist with experience.
