August 30, 2017 at 11:25 am
We have a tool which will patch everything on a Windows Server, if you allow it. While we de-select the MSSQL CU's (and apply them manually), we allow the Critical Security Hotfixes through. Up until a couple of days ago, I was confident that the Hotifixes didn't update the database version (per @@version).
In the last couple of days when this tool applied what it listed as security updates, I saw one SQL Server update from Microsoft SQL Server 2014 (SP1-CU9-GDR) to (SP1-CU13), and another to Microsoft SQL Server 2012 (SP3-CU6-GDR) to (SP3-CU10). I have a hard time believing that MS suddenly started incrementing versions for hotfixes, and I'm sure that something else caused this issue. I'm not sure how to go about confirming what process applied a CU though. That's the only way I can think to identify whether this tool we use is the culprit, or if someone accidentally enabled Windows update, or if there was another source.
Any suggestions?
Thanks,
--=Chuck
August 30, 2017 at 3:40 pm
OK, it looks like the hotfix and the CU are the same thing: https://support.microsoft.com/en-us/help/4019099/cumulative-update-13-for-sql-server-2014-sp1
Cumulative Update 13 (CU13) for Microsoft SQL Server 2014 Service Pack 1 (SP1) was also released as a SQL Server Security Bulletin on 8/8/2017 (KB 4032542). See CVE-2017-8516 for more information. Because of this, you may already have CU13 installed as part of that security bulletin release, and installation of this CU is unnecessary. If you do try to install CU13 after CVE-2017-8516, you may receive the following message:
I haven't seen that before.
(Sorry for this being in the SQL 2012 category, and referencing the SQL 2014 webpage, but I actually had the same issue in SQL 2012 also if you look at the comments in my initial post. Here's the link to that description: https://support.microsoft.com/en-us/help/4025925/cumulative-update-10-for-sql-server-2012-sp3)
--=Chuck
August 30, 2017 at 4:28 pm
In order to see the list of updates to SQL Server, my server admin directed me to Control Panel>>Programs>>Programs and Features>>View Installed Updates. From there you can see what was applied. He also directed me to the windowsupdate.log (https://support.microsoft.com/en-us/help/902093/how-to-read-the-windowsupdate-log-file) , but that wasn't as helpful as seeing the Hotfix names and associated KB's.
--=Chuck
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply