February 5, 2014 at 4:45 am
Hi I just have a question regarding service packs and security patches. We have an old legacy box on 2005 SP2 that has been flagged as needing a particular security update. However, this security update does not apply to SP3 - so would installing SP3 negate the need for the update?
So really, my question is do service packs contain security updates as well as new features/bug fixes?
Many thanks
D
'Only he who wanders finds new paths'
February 6, 2014 at 6:51 am
It depends... and they can...
If you look at the version of the security update and the version of the Service pack if the version of the security patch is lower than the SP then the security patch can be rolled up into it.... However, if the security patch comes out just before the SP then sometimes they don't have enough time to include it in the SP.
IE: SP3 for SQL2005 is 9.0.4035
so if the patch is higher than that, 9.0.4053 then you have to apply SP3 then apply the security patch.
In the KB article it should tell you if you are at this level of SQL Server apply this patch....
February 6, 2014 at 6:55 am
Thanks Markus, appreciated 🙂
D
'Only he who wanders finds new paths'
February 10, 2014 at 7:40 am
The most recent fix I know for SQL 2005 is KB 2716427 which is a security fix that is applied to SP4. It is cumulative to all previous fixes for SP4, and could be considered as CU5 for SP4.
If you are running SQL 2005 at an older fix level then you will have known vulnerabilities that can be exploited by a hacker. KB 2716427 may not fix all problems but is probably the best you will get.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
February 10, 2014 at 9:04 am
Many thanks for the response, appreciated.
I have another question leading on from this. If the server is involved in an SSIS package as either a source or destination would updating the server be a problem if the package was created using the lower version?
I will test regardless but just wondered...
D
'Only he who wanders finds new paths'
February 10, 2014 at 9:37 am
It should be OK, but as you said, you need to test...
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply