It's Time to Patch and Upgrade

Steve Jones (SSC Guru, Administrators)
Comments posted to this topic are about the item It's Time to Patch and Upgrade

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
chrisn-585491 (SSCertifiable)
I posted this elsewhere in the forums yesterday:

SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

There have also been preliminary benchmarks of the performance hit that one of the patches causes on heavy I/O loads: 17 to 30%. Note this was PostgreSQL on Linux, but y'all should monitor your ETL and backup times. Maybe this is the push needed to go to SSD systems for those still on spinny disks.

Short term, we should patch and monitor.

Long term, we really need to have a serious, computer-industry-wide discussion on hardware and software security, programming languages, processes and some of the decisions made over the last two decades. There are a lot of issues that need to be unpacked.

(As a side note, one of my mainframe sysadmin buddies is saying "I told you so" about the hardware flaws.... But IBM is also issuing patches for firmware and OSes...)

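One way to act on the advice above to monitor backup times after patching: a T-SQL check, added here as an example and not part of the poster's text, that compares full-backup duration and throughput in the standard msdb.dbo.backupset history for a window before and after the patch date. @PatchDate and @WindowDays are placeholder values to set for your own environment.

```sql
-- Added example: compare full-backup duration and throughput before and after
-- a patch date, using only the standard msdb.dbo.backupset history table.
-- @PatchDate and @WindowDays are placeholders; set them for your environment.
DECLARE @PatchDate  datetime = '2018-01-04';   -- day the OS/firmware patch was applied
DECLARE @WindowDays int      = 14;             -- days of history on each side

;WITH b AS (
    SELECT
        bs.database_name,
        CAST(DATEDIFF(second, bs.backup_start_date, bs.backup_finish_date) AS float) AS seconds,
        bs.backup_size / 1048576.0 AS size_mb,  -- backup_size is in bytes
        CASE WHEN bs.backup_start_date < @PatchDate THEN 'before' ELSE 'after' END AS period
    FROM msdb.dbo.backupset AS bs
    WHERE bs.type = 'D'                         -- full backups only ('L' = log, 'I' = differential)
      AND bs.backup_start_date >= DATEADD(day, -@WindowDays, @PatchDate)
      AND bs.backup_start_date <  DATEADD(day,  @WindowDays, @PatchDate)
)
SELECT
    database_name,
    AVG(CASE WHEN period = 'before' THEN seconds END) AS avg_sec_before,
    AVG(CASE WHEN period = 'after'  THEN seconds END) AS avg_sec_after,
    -- NULLIF guards against sub-second backups recorded as 0 seconds
    AVG(CASE WHEN period = 'before' THEN size_mb / NULLIF(seconds, 0) END) AS mb_per_sec_before,
    AVG(CASE WHEN period = 'after'  THEN size_mb / NULLIF(seconds, 0) END) AS mb_per_sec_after,
    -- percentage change in average duration; positive means backups got slower
    100.0 * (AVG(CASE WHEN period = 'after'  THEN seconds END)
           - AVG(CASE WHEN period = 'before' THEN seconds END))
          / NULLIF(AVG(CASE WHEN period = 'before' THEN seconds END), 0) AS pct_slower
FROM b
GROUP BY database_name
-- keep only databases with samples on both sides of the patch date
HAVING COUNT(CASE WHEN period = 'before' THEN 1 END) > 0
   AND COUNT(CASE WHEN period = 'after'  THEN 1 END) > 0
ORDER BY pct_slower DESC;
```

Run the same comparison for log backups (type 'L') and against your ETL job history to see whether the I/O-heavy work shows the regression the benchmarks report.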
jay-h (SSCertifiable)
It's also interesting that some of the browser attacks were through new enhancements designed to make browsers perform better. The fix is to disable the new features.

Changes are a double-edged sword.

...

-- FORTRAN manual for Xerox Computers --
GilaMonster (SSC Guru)
chrisn-585491 - Friday, January 5, 2018 6:17 AM
(As a side note, one of my mainframe sysadmin buddies is saying "I told you so" about the hardware flaws.... )

I wouldn't be so fast to crow if I were him. They aren't reported as vulnerable. Doesn't mean they aren't (or that there aren't equally nasty flaws waiting to be found).


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Eric M Russell (SSC Guru)
Tuesday morning I discovered an overnight ETL process running on an Azure IaaS instance had aborted. Yesterday, I was told that Microsoft rebooted our Azure hosted servers in the process of applying some emergency patch. I'm guessing this fix was it. While this resulted in only a couple of minutes downtime for the server, we actually lost several hours of processing work downstream. This is why I believe that fewer maintenance windows (preferably scheduled in advance) of longer duration are better than more frequent random occurrences of short duration. However, this particular issue was probably a rare event. We also need to look into making our ETL process more robust, utilizing retry logic and the capability to restart from SSIS checkpoints.


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
Eric M Russell (SSC Guru)
jay-h - Friday, January 5, 2018 6:45 AM
It's also interesting that some of the browser attacks were through new enhancements designed to make browsers perform better. The fix is to disable the new features.

Changes are a double-edged sword.

Performance optimization often means programming shortcuts around bottlenecks. Unfortunately, this sometimes means bypassing security checks or introducing new vulnerabilities to exploit.



"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
GilaMonster (SSC Guru)
Eric M Russell - Friday, January 5, 2018 7:23 AM
Tuesday morning I discovered an overnight ETL process hosted on an Azure IaaS instance had aborted. Yesterday, I was told that Microsoft rebooted our Azure hosted servers in the process of applying some emergency patch. I'm guessing this was it.


Yup, everything that my company runs/manages on Azure got rebooted. I believe it was originally scheduled for next week (when the official disclosure was supposed to happen), but careless words from AMD led to the details of the bugs leaking early, hence the emergency patches.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


chrisn-585491 (SSCertifiable)
GilaMonster - Friday, January 5, 2018 6:48 AM
chrisn-585491 - Friday, January 5, 2018 6:17 AM
(As a side note, one of my mainframe sysadmin buddies is saying "I told you so" about the hardware flaws.... )

I wouldn't be so fast to crow if I were him. They aren't reported as vulnerable. Doesn't mean they aren't (or that there aren't equally nasty flaws waiting to be found).

I edited my original post, because I double checked him and all the IBM processors have the same issues as everyone else's.

"What we have here is a failure to lock the barn door, just because we want to milk the cows faster..." - my uncle, the dairy farmer.

chrisn-585491 (SSCertifiable)
GilaMonster - Friday, January 5, 2018 7:31 AM
Eric M Russell - Friday, January 5, 2018 7:23 AM
Tuesday morning I discovered an overnight ETL process hosted on an Azure IaaS instance had aborted. Yesterday, I was told that Microsoft rebooted our Azure hosted servers in the process of applying some emergency patch. I'm guessing this was it.


Yup, everything that my company runs/manages on Azure got rebooted. I believe it was originally scheduled for next week (when the official disclosure was supposed to happen), but careless words from AMD led to the details of the bugs leaking early, hence the emergency patches.


Actually, folks keeping an eye on the Linux kernel development figured it out before most. Rumors have been drifting around for a few weeks.

And several years ago, there were a few smart folks predicting this exact bug in Intel processors. (I'd have to look; it was a topic of discussion on Hacker News yesterday...)
GilaMonster (SSC Guru)
chrisn-585491 - Friday, January 5, 2018 8:03 AM
GilaMonster - Friday, January 5, 2018 7:31 AM
Eric M Russell - Friday, January 5, 2018 7:23 AM
Tuesday morning I discovered an overnight ETL process hosted on an Azure IaaS instance had aborted. Yesterday, I was told that Microsoft rebooted our Azure hosted servers in the process of applying some emergency patch. I'm guessing this was it.


Yup, everything that my company runs/manages on Azure got rebooted. I believe it was originally scheduled for next week (when the official disclosure was supposed to happen), but careless words from AMD led to the details of the bugs leaking early, hence the emergency patches.


Actually, folks keeping an eye on the Linux kernel development figured it out before most.

Yes, after an AMD dev merged a patch with a comment that had a great flashing neon arrow pointing to the root cause. :-)


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

