October 8, 2013 at 11:32 am
Do we have to review the monthly Microsoft security bulletin to identify vulnerabilities affecting SQL Server? If so, do we have to apply them every month on the server? Please clarify.
My current SQL edition: SQL Server 2008R2 SP2 Enterprise
Windows: Windows Server 2008R2 SP1
October 8, 2013 at 4:51 pm
The classic answer would be: it depends. It's impossible to "clarify". But it's always good to know what vulnerabilities have been detected and fixed...
Once you know, you'll need to verify if the issue described will apply to your environment (Hardware, Software, Network, Firewall, DMZ ...).
If so, you'll need to check if the fix won't stop your system (e.g. due to a dedicated software or hardware component that needs to be updated first).
The rest would be the "standard procedure": install in Dev environment, test, test, and test, have the rollback guideline handy and verified and, finally, roll it out to production.
At our company the whole process is called "Patch Management". We try to know as much as possible regarding vulnerabilities (not only the fixes, but also the exploits found) but change the production system as infrequently as possible. The gap in between is part of our "Risk Management". 😉