Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


MSSQL Vulnerabilities


MSSQL Vulnerabilities

Author
Message
deep_kkumar
deep_kkumar
SSC-Enthusiastic
SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)SSC-Enthusiastic (127 reputation)

Group: General Forum Members
Points: 127 Visits: 756
Do we have to review monthly microsoft security bulletin to identify vulnerabilities affecting sql server ? If so do we have to apply them every month on the server? Please clarify.

My current sql edition : SQL server 2008R2 SP2 Enterprise
Windows: Windows server 2008R2 SP1
LutzM
LutzM
SSCertifiable
SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)SSCertifiable (7K reputation)

Group: General Forum Members
Points: 7001 Visits: 13559
The classic answer would be: it depends. It's impossible to "clarify". But it's always good to know what vulnerabilities have been detected and fixed...

Once you know, you'll need to verify if the issue described will apply to your environment (Hardware, Software, Network, Firewall, DMZ ...).
If so, you'll need to check if the fix won't stop your system (e.g. due to a dedicated software or hardware component, that need to be updated first).
The rest would be the "standard procedure": install in Dev environment, test, test, and test, have the rollback guideline handy and verified and, finally, roll it out to production.

At our company the whole process is called "Patch Management". We try to know as much as possible regarding vulnerabilities (not only the fixes, but also the exploits found) but change the production system as infrequent as possible. The gap in between is part of our "Risk Management". ;-)



Lutz
A pessimist is an optimist with experience.

How to get fast answers to your question
How to post performance related questions
Links for Tally Table , Cross Tabs and Dynamic Cross Tabs , Delimited Split Function
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search