Security updates for SQL server

Question

Security updates for SQL server

sqlfriend

SSC Guru

Points: 52769
More actions
February 16, 2023 at 12:11 am

#4150294

I recently see there are some GRD for SQL server updates 2019. And it comes to our windows update list.- Security updates for SQL server 2019 GRD....
What is the GRD comparing with SQL server CU?
I usually run CU manually.
Is it safe to just let the GRD runs automatically like other windows update patches during our maintenance outage time?
See below:

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

tony28 SSCertifiable Points: 7112 More actions · Answer 1

Hi,

GDR (General Distribution Release) will not include previous all CU's (Cumulative Update) but CU's will include all previous fixes.

So it means its possible to use some security update, when you dont want use some CU due to some reasons.

Thanks

sqlfriend SSC Guru Points: 52769 More actions · Answer 2

Thanks, not sure what this means: Quote: "So it means its possible to use some security update, when you dont want use some CU due to some reasons."

We have something like below that shows in windows update, is it safe just like it automatically run like other windows updates? I usually run CU manually, but this is security update, I think it can be automatically run like other windows security update does.

Capture

This reply was modified 1 year, 7 months ago by sqlfriend.

Ant-Green SSC Guru Points: 113485 More actions · Answer 3

Treat it like a CU.

A GDR fixes CVEs with the product.

You plan and prepare for installing it the same way in which you would a CU, the installation process is exactly the same.

sqlfriend SSC Guru Points: 52769 More actions · Answer 4

Thank you , what is CVE?

And I also read this article https://www.sqltattoo.com/blog/2021/01/sql-server-patching-gdr-vs-cu/

Quote:

caution: When you start clean from a baseline you can apply GDR or CU as it fits your policy or planning. If you want to keep deploying only GDRs, intentionally, then you should not deploy any CU. This change from GDR can happen only ONCE and then you are on the CU-side of things.

This statement confused me, could you explain what it means? does it mean because we applied CU before, we should not use GDR?

We have applied Some CU for SQL 2019. and now our windows update admin found the below Security patches for SQL server and asked if it can be added to windows update list that automtic runs for dev, test environment.

Capture

Thank you!