February 8, 2018 at 7:02 am
As part of the mitigation process for the Meltdown and Spectre vulnerability we are looking at applying the released SQL patches.
Currently our installs of SQL Server 2014 are running at SP2 (12.0.5000.0), so would need to apply Security Update for SQL Server 2014 Service Pack 2 GDR (KB4057120 - 12.0.5214.6).
Looking at the security releases for SQL Server 2014 I can see that there are also two GDR security updates that predate the above - KB3194714 , KB4019093. Will the latest GDR Security Update for SQL Server 2014 KB4057120 include the previous GDR Security Updates (KB3194714 , KB4019093) meaning I only need to install the latest GDR update to install all the released security packages. Or will I need to apply each security update separately ?
Many thanks
Francis
February 8, 2018 at 9:26 am
ft55 - Thursday, February 8, 2018 7:02 AMAs part of the mitigation process for the Meltdown and Spectre vulnerability we are looking at applying the released SQL patches.Currently our installs of SQL Server 2014 are running at SP2 (12.0.5000.0), so would need to apply Security Update for SQL Server 2014 Service Pack 2 GDR (KB4057120 - 12.0.5214.6).
Looking at the security releases for SQL Server 2014 I can see that there are also two GDR security updates that predate the above - KB3194714 , KB4019093. Will the latest GDR Security Update for SQL Server 2014 KB4057120 include the previous GDR Security Updates (KB3194714 , KB4019093) meaning I only need to install the latest GDR update to install all the released security packages. Or will I need to apply each security update separately ?
Many thanks
Francis
CUMULATIVE updates for SQL Server are just that - cumulative.
But if I were you I would absolutely NOT rely on a forum post to decide what patches to apply to your production SQL Server (or any other) environment. Read the release notes and the file update lists and verify for yourself. Failing that get Microsoft to tell you what to do.
Having said that, I am advising every client to STRONGLY review whether they NEED to put the patches on their production SQL Servers AT ALL AT THIS TIME. They have been proven to be unstable and horribly bad for SQL Server performance. Note that I am not advising you of this because you are not a client. YMMV 😎
Best,
Kevin G. Boles
SQL Server Consultant
SQL MVP 2007-2012
TheSQLGuru on googles mail service
February 9, 2018 at 12:40 am
I guess that was my question as my post isnt about CU patches it was about GDR patches and if they were cumulative.
I have already engaged with Microsoft but posted on here for advice / discussion as I thought that was the point of a forum..........
February 9, 2018 at 7:12 am
I put the GDR patch on where I had installed only up to a service pack, so where I had SQL 2014 SP2 only I applied the GDR (General Distribition) patch, where I had SP2 with CU7 installed I patched with the CU10 update but only after testing, both patches include the security update you need, so you only need the specific patch for either situation.
Funny thing after the patch though, when putting CU10 on and you do Select @@version it reports SP2-CU10-GDR which is most confusing.
I patched all the machines and didn't notice any performance hit, depends which blogs you read as well, some are all doom and gloom and say it will kill everything, some say there have been minimal reports of any performance impact, this all stems from the OS patch stories about performance hits. The only way to be sure is to test the patches before applying them in production.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply