 | | The Complete Weekly Roundup of SQL Server News by SQLServerCentral.com | | Hand-picked content to sharpen your professional edge |
|
More SQL Server GDRs This week we had a number of SQL Server patches, called GDRs, released. They are available for SQL Server 2022, 2019, 2017, and 2016. I've linked to the build lists we maintain at SQL Server Central, and for most of these patches, there is one for the current CU level and one for RTM. FWIW, you ought to be on the current CU (or close) and these are certainly worth testing and applying as these are security updates. I looked at the various CVE bulletins from Microsoft. You can find them all on this page, and I found very little information about the exact problem. That's interesting, and often there is some explanation of the attack vector and how an attacker might use it. That's good because it helps me decide just how critical this is and how vulnerable I am. While I do try to get security patches applied quickly, there might be a reason I don't apply today and wait for a few days because of other work. All of these items have a few metrics: they are local attack vectors, but the complexity is low and the privileges required are low or none. Those last two are a little scary. However, the details aren't publicly disclosed and the likelihood of these being exploited is "less likely." That's interesting and makes me want to learn more about the issues here. If I go to the NIST site for CVE-2023-36420, I see a note that this is still undergoing analysis and there aren't any specifics on what the issue is for a server. Over the years, we've had relatively few security patches issued for SQL Server. Looking for GDRs, I see 6 for SQL Server 2017. I see 8 in that time frame for Oracle. PostgreSQL includes security patches are part of their minor updates and I was too lazy to dig through all the release notes, but I suspect there have been a few issues. I have also seen patches for MySQL, though a consolidated list is hard to find. Security is constantly evolving, and the way that researchers and hackers find vulnerabilities changes over time. I don't expect that all database software is completely secure, but I am glad to see patches and updates released over time and special releases made when there are problems. Now we need more installations to apply those patches. Quite a few breaches in the last 20 years have come from unpatched software, which is a problem. Part of any modern software architecture ought to be a process for applying patches when needed, which is certainly sometime soon after a security update. Steve Jones - SSC Editor Join the debate, and respond to the editorial on the forums |
| The Weekly News | | All the headlines and interesting SQL Server information that we've collected over the past week, and sometimes even a few repeats if we think they fit. |
| AI/Machine Learning/Cognitive Services |
When training AI models, the accuracy of the AI app depends on the quality of the training material it receives. Naturally, feeding it more than it needs or not... |
| Administration of SQL Server |
When managing Azure SQL Databases, it's crucial to monitor performance metrics, especially CPU usage. One of the challenges faced by database administrators is determining whether high CPU usage is... |
Issue We recently encountered a support case where... |
Last week we have discussed how Null Values can ca... |
DBCC UPDATEUSAGE is a command available in SQL Server that is used to update the page and row count metadata for database objects. First appeared on SQL SERVER – Understanding... |
| Analysis Services / BI on the MS Stack |
Since a couple of weeks, we have been redesigning our SSAS Tabular Model. We are keeping the model as user-friendly as possible and we try to minimize overhead for our end-users to a bare minimum. |
Now you can easily leverage your data stored in Azure Cosmos DB for Mongo DB vCore for Retrieval Augmented Generation (RAG) with Azure OpenAI models using the "Use your... |
| Azure Databricks, Spark and Snowflake |
Apache Spark is a powerful open-source distributed... |
Often incoming data contain timestamp values (date and time) in the string representation like 2023-07-28 12:50:22.087 i.e., and it is common to run queries with DATE filters as follows:... |
Today, we addressed a service request from our cus... |
| Azure SQL Managed Instance |
Hybrid failover rights is a new benefit that allows you to run a license-free Azure SQL Managed Instance when used as a passive DR replica for your SQL Server... |
| Career, Employment, and Certifications |
In today’s fast-paced world, traditional higher ... |
In the fast-paced world of IT, where trends like DevOps and Infrastructure as Code (IaC) dominate the landscape, the concepts of Reliability and Observability have seamlessly woven themselves into... The... |
As the Northern Hemisphere enjoys early fall and p... |
Azure Files now supports an expanded character set enabling file and directory names with all valid Unicode characters. |
| Conferences, Classes, Events, and Webinars |
At SQL Saturday Denver 2023, I had a few people as... |
Locking and Blocking – Tuning Spools Going Furth... |
After reuniting in Seattle last year for the PASS Data Community Summit, we’re excited to bring you another jam-packed schedule of informative and educational sessions. There’ll be a lot... |
Locking and Blocking – When Read Queries Block Write Queries Demo Going Further If this is the kind of SQL Server stuff you love learning about, you’ll love my... |
Dear Host, you don't have to use Read-Host. There is a choice |
I recently learned that if or , then does not exis... |
Before getting into today’s topic, I’ll draw your attention in the map above to the red line cutting across Oregon, Nevada, Utah, and the Southwest: these will be the... |
Here's a tip we share frequently: keep your charts as simple as you can. Limit the amount of information you display at any one time, use graph types people... |
| Database Design, Theory and Development |
THE VIDEO THE SYNOPSIS In this video, we start at the ground floor with 1st Normal Form. We’ll learn what people think it is, what it really is, and... |
| DevOps and Continuous Delivery (CI/CD) |
Looking to improve DevOps operations? A new Google report suggests focusing on culture and users. |
Developing and deploying database changes can be a complex task, made more challenging by the fact that development teams need to move fast, while also protecting an organization’s crown... |
How to apply conditional formatting on measures picked from a slicer and implemented using two techniques: field parameters and calculation groups. |
| Microsoft Fabric ( Azure Synapse Analytics, OneLake, ADLS, Data Science) |
I had the great pleasure to get to spend time toda... |
In the previous blog, I wrote about data temperatu... |
Reading Time: 4 minutes In this post I want to cover some interesting Microsoft Fabric repositories publicly available in GitHub. I wanted to do this post after last... |
Microsoft Fabric, as an end-to-end SaaS, provides multiple workloads, including Data Science. In this article and video, you will learn the Data Science workload in Microsoft Fabric, what it... |
Microsoft Fabric is an awesome product that has now been in public preview for five months. If you are not familiar with it, check out my recent video where... The... |
| Oracle/PostgreSQL/MySQL/other RDBMS |
In the previous blog in this series, we learned how to produce, read and interpret execution plans. We learned that an execution plan provides information about access methods, which... |
| Performance Tuning SQL Server |
In this tip, I talk about various reasons a query's performance can change over time - even when the application hasn't changed. |
| PowerPivot/PowerQuery/PowerBI |
DESCRIPTION  You need to know what's going on i... |
This week I was working with a customer where they had a dataset that was previously refreshing successfully and not it failed. It failed with the error “Due to... |
The Power BI Tips Theme Generator tool already allows you to easily interact with, and adjust, all the visual properties, wireframes, etc… How could we possibly make Power BI Theme building an effortless experience? We start with building it all for you, then letting you adjust it! The all new Gallery feature represents a significant leap forward in simplifying the theming process for all. |
If you’ve heard about the new Direct Lake mode f... |
Marco Russo and Alberto Ferrari perform some forma... |
| Product Reviews and Articles |
Why not just build the latest version of any branch of the database by pulling the scripts from the latest tagged release on GitHub? While it is easy to... |
| Product Upgrades and Releases |
The 23rd cumulative update release for SQL Server ... |
The 9th cumulative update release for SQL Server 2... |
We've released hotfix packages for the following d... |
Use Azure Private Link for private connectivity with MySQL – Flexible Server. |
Provision up to 10 read replicas in universal regions on Azure Database for MySQL - Flexible Server. |
General availability enhancements and updates released for Azure SQL in early-October 2023. |
Python is a general purpose, high level language which, thanks to its simplicity and versatility, has become very popular, especially within the data science community. The extensive Python community has developed and contributed thousands of libraries and packages over the years in a plethora of different disciplines to aid developers with their applications. |
Radar charts, also known as spider, web, polar, or star plots, are a useful way to visualize multivariate data. In R, we can create radar charts using the fmsb library. Here are several examples of how to create radar charts in R using the fmsb library: |
Changing the size of the legend on a plot in R can be a handy skill, especially when you want to enhance the readability and aesthetics of your visualizations. In this blog post, we’ll explore different methods to resize legends on R plots with practical examples. |
Trick your brain into faster reading with the help... |
| SQL Server Security and Auditing |
Happy T-SQL Tuesday, y’all! This month, Matthew McGiffen (b | t) asks us to write about SQL Server Encryption and Data Protection. You can read the full invitation here.... |
This month’s T-SQL Tuesday topic comes from Matthew McGiffen, who asks us to talk about encryption and protecting data in SQL Server. To read the full topic invite, click... |
Microsoft has revealed that a Chinese-backed threa... |
There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for... |
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons. |
| T-SQL and Query Languages |
In a previous post, I wrote about how to create a ... |
In this article, we look at how to use T-SQL to round to the nearest penny with built-in and custom T-SQL rounding functions. |
Windows Server 2012/R2 reaches end of support toda... |
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. |
IBM has introduced watsonx Code Assistant for Z, a... |
Artificial intelligence and cloud computing are a ... |
ringlorn – adj. the wish that the modern world f... |
  | This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com. Note: This is not the SQLServerCentral.com daily newsletter list, and unsubscribing to this newsletter will not stop you receiving the SQL Server Central daily newsletters. If you want to be removed from that list, you can follow the instructions on the daily newsletter. |
|
|
