Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

MSSQL Vulnerabilities Expand / Collapse
Posted Tuesday, October 8, 2013 11:32 AM


Group: General Forum Members
Last Login: Tuesday, June 23, 2015 5:14 PM
Points: 125, Visits: 756
Do we have to review monthly microsoft security bulletin to identify vulnerabilities affecting sql server ? If so do we have to apply them every month on the server? Please clarify.

My current sql edition : SQL server 2008R2 SP2 Enterprise
Windows: Windows server 2008R2 SP1
Post #1502737
Posted Tuesday, October 8, 2013 4:51 PM



Group: General Forum Members
Last Login: Wednesday, February 10, 2016 11:50 AM
Points: 6,897, Visits: 13,559
The classic answer would be: it depends. It's impossible to "clarify". But it's always good to know what vulnerabilities have been detected and fixed...

Once you know, you'll need to verify if the issue described will apply to your environment (Hardware, Software, Network, Firewall, DMZ ...).
If so, you'll need to check if the fix won't stop your system (e.g. due to a dedicated software or hardware component, that need to be updated first).
The rest would be the "standard procedure": install in Dev environment, test, test, and test, have the rollback guideline handy and verified and, finally, roll it out to production.

At our company the whole process is called "Patch Management". We try to know as much as possible regarding vulnerabilities (not only the fixes, but also the exploits found) but change the production system as infrequent as possible. The gap in between is part of our "Risk Management".

A pessimist is an optimist with experience.

How to get fast answers to your question
How to post performance related questions
Links for Tally Table , Cross Tabs and Dynamic Cross Tabs , Delimited Split Function
Post #1502873
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse