January 4, 2018 at 1:51 pm
Comments posted to this topic are about the item Critical SQL Server Patches for Meltdown and Spectre
January 5, 2018 at 4:12 am
Thanks Steve
😎
January 5, 2018 at 4:17 am
Thanks Steve. Can you please link to the MS KB for SQL Server? https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
It looks as though you meant to in this passage:
SQL Server Patches
There is a KB that discusses the attacks. You can read that in
Here are the patches as of this time:
Thomas Rushton
blog: https://thelonedba.wordpress.com
January 5, 2018 at 6:50 am
Seems like an advertisement for Azure. Fake News?
January 5, 2018 at 7:48 am
Can someone explain why both the OS and SQL Server should be patched? Wouldn't OS patching cover everything?
January 5, 2018 at 5:56 pm
eg61088 - Friday, January 5, 2018 7:48 AMCan someone explain why both the OS and SQL Server should be patched? Wouldn't OS patching cover everything?
Read the documentation at the links provided. It explains. There's also a micro (firmware) change required in some cases.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 6, 2018 at 7:12 pm
Steve, thanks a ton for putting this together especially on "repeat Friday". It sure did make finding things easy.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 7, 2018 at 5:10 am
Thanks for the heads up on this Steve.
...
January 8, 2018 at 9:27 am
darthmetatron - Friday, January 5, 2018 6:50 AMSeems like an advertisement for Azure. Fake News?
Care to elaborate?
January 8, 2018 at 9:29 am
ThomasRushton - Friday, January 5, 2018 4:17 AMThanks Steve. Can you please link to the MS KB for SQL Server? https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Done
January 8, 2018 at 9:49 am
Have applied the patches to Dev servers, not sure if it is my setup, but the GUI did not give warning a server restart was required, but looking at the log file there was an entry saying server restart required! Everything appeared to be OK, but restarted anyway, would like to know what anyone else experiences. This was for both SQL2016 and 2017.
...
January 9, 2018 at 7:09 am
Caution needs to be aired when following the recommendations in the SQL KB article (https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server) when you are using hosting a SCCM Config Manager database.
A Technet blog says (link below);
"Currently, we recommend following the SQL guidance for Configuration Manager site database servers, except the following suggested steps which may impact Configuration Manager functionality and performance. Do not perform the steps for these two categories at this time:
I hope that helps.
January 9, 2018 at 9:47 am
There's an interesting take on the problem from the ICO (the Information Commissioner's Office in the UK), linking this to GDPR, and the responsibility to patch systems regularly.
Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty. And, under the General Data Protection Regulation taking effect from May 25 this year, there may be some circumstances where organisations could be held liable for a breach of security that relates to measures, such as patches, that should have been taken previously.
from https://iconewsblog.org.uk/2018/01/05/meltdown-and-spectre/
This could get expensive if patching isn't done... :-/
Thomas Rushton
blog: https://thelonedba.wordpress.com
January 10, 2018 at 4:55 am
Patches for SQL Server 2008 have been released, just waiting on 2012 and 2014, and SQL Server 2017 on Linux (possibly Docker too) now:
SQL Server 2008 SP4 GDR
SQL Server 2008 R2 SP3 GDR
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
January 10, 2018 at 5:08 am
Thom A - Wednesday, January 10, 2018 4:55 AMPatches for SQL Server 2008 have been released, just waiting on 2012 and 2014, and SQL Server 2017 on Linux (possibly Docker too) now:
SQL Server 2008 SP4 GDR
SQL Server 2008 R2 SP3 GDR
Nevermind, my Ubuntu Machine just patched SQL Server 2017 to CU3-GDR.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
Viewing 15 posts - 1 through 15 (of 36 total)
You must be logged in to reply to this topic. Login to reply