Patching Quickly

The Equifax breach and hack occurred because of an un-patched Apache server. Recently a manufacturing plant was disrupted because of a VPN vulnerability, one for which a patch was available. There are no shortage of similar stories, where a patch wasn't applied, and a hacker took advantage of the vulnerability. It seems that social engineering was a huge problem a decade ago, but not un-patched systems are becoming more of an issue.

In the case of the manufacturing plant, the hackers seemed to have spent time using the vulnerability to explore the network and eventually attacked database servers, seeing these as the systems that would most likely disrupt the operations and get the company to pay a ransom.

While ransomware is in the news, I find many more "quiet" stories passed among professionals that had to deal with an attack and recover systems. We know that database systems are incredibly valuable and they often provide the information that drives other systems. If you were going to attack a system and stop operations, those might be the servers you look to find on a network.

Many of us that manage database servers aren't also responsible for other systems. We are responsible for our database systems, but do we patch them regularly? I've always been a little more conservative, but the last few years I've looked to patch my own systems more often. In fact, I also want to be sure we are patching production servers on a regular basis, even if they are running well. The quality of Microsoft Cumulative Updates has improved, though they are not perfect. Make sure you test, and keep an eye out for news of issues with patches.

I would also say that regular patching is a good habit to get into for all administrators. You want to be confident you can test and patch systems if needed. This is especially true for known security vulnerabilities. Even if you can't patch other servers, you can set a good example and request others patch to be sure that you don't wind up the subject of a story like the one linked above.

Steve Jones - SSC Editor

Join the debate, and respond to the editorial on the forums

Got a question about SQL Monitor? SQL Monitor’s Product Manager and Tech Lead are hosting a Q&A on the Redgate Forums on Tuesday 13 April.

Redgate has committed to organizing a free virtual Summit for the PASS Community this fall. To help guide the format and provide you and the data platform community with the best virtual event experience possible, we'd appreciate your input. As a thank you for your feedback you could win a Peloton Bike or $3,000 (the equivalent in your local currency) to donate to your chosen charity.

Since 2018, over 2,400 SQL Server professionals have provided valuable insights into how they monitor and manage their estates, and what challenges they’re facing, through the only industry-wide survey...

Migration to the cloud and PaaS solutions has accelerated in the past years, and many organizations now manage hybrid estates. To reflect this, the latest release of SQL Monitor adds Azure SQL Managed Instances to its list of supported cloud platforms. This article explains how to monitor performance and activity for Azure SQL Managed Instances using SQL Monitor, with advice on monitoring hybrid estates and migrating from on-prem to Azure SQL Managed Instance.

In this article, Chandra Kudumula shows how to us...

It’s 5 AM on Wednesday. Your CIO has called your cell phone at home. “We need you to log in right now! Someone or something deleted all of the...

The problem with using the default maintenance pla...

While XML is, without a doubt, a giant pain in the bottom, sometimes, the best way to deal with Extended Events is to simply embrace the XML. Now, I...

A quick post today, quite simply, the error messag...

One struggle for genomics research is the ability to analyze the vast amounts of data in an efficient way. Previously, this would have been performed using large, on-premise high...

A few of my colleagues can relate with the title o...

For a good portion of my career, I’ve been going to the annual Summit in the fall with lots of my fellow SQL Server/Data Platform professionals. I have been... The...

Just a little over a year ago, I started posting a...

Website for baseball analysis turned to MariaDB SkySQL as it looks to take on more game data from domestic and international sources.

The Big 3 clouds are not the only games in town when it comes to hybrid cloud providers.

Part seven of this series focuses on deploying an Azure Arc enabled Data Services controller to a Kubernetes cluster. As per the closing comments of the last blog post,...

Springtime is approaching in North America. Where I live, the snow has finally melted and we have blue skies with warmer temperatures. Of course, this means Spring Cleaning. Time to clear out the winter debris and spruce up the house. For me, this is also a good time for some computing housecleaning as well. I don’t know about your Windows environment, but I tend to accumulate a lot of junk. Most of the time I don’t see it, but I know it’s there. While the junk normally doesn’t have a negative impact, I think mentally, I like clearing things out and tidying up. So I pulled out some older PowerShell code, freshened it up, and now I have a set of tools for clearing out junk and temporary folders.

Activist alleges use of tracking identifiers witho...

Paper covers IDFA alternatives, rules for Apple's own apps, and more.

Illustrations by Catherine Madden Time &...

Out-of-control tempdb growth must be managed to keep the server running. Monica Rathbun gives her strategy to handle unexpected tempdb growth.

Communication is at the heart of DevOps, but it ca...

I work in computers and my son works in manufacturing, but both of us loathe a single phrase: We have always done it this way. Please allow me to...

There are several different variations and ways wh...

At the heart of Apache Kafka® sits the log—a si...

The launch of Intel’s Ice Lake Xeon Scalable pro...

2021 AMD-powered Microsoft Surface editions are on...

Silicon Motion has announced their first SD Card controller to support the NVMe-based SD Express interface. The new SM2708 controller is capable of sequential transfer speeds of 1700 MB/s,...

It’s even bigger than that time its researchers sunk a submarine-like data center in the ocean.

Disclaimer: I’m not a big fan of benchmark data.  I find it doesn’t provide us as much value in the Tags:  azure, oracle, Performance Del.icio.us Facebook TweetThis Digg...

FIXED: Rounds a number to the specified number of ...

Computing the rolling 12-months average in DAX loo...

FIND: Returns the starting position of one text string within another text string. FIND is case-sensitive and accent-sensitive. https://dax.guide/find/

COMBINEVALUES: Combines the given set of operands using a specified delimiter. https://dax.guide/combinevalues/

CONCATENATE: Joins two text strings into one text string. https://dax.guide/concatenate/ CONCATENATEX : Evaluates expression for each row on the table, then return the concatenation of those values in a...

Oracle sequences can be used to create artificial IDs for a table. In this article, Jonathan Lewis explains how they work under-the-hood.

Welcome to part seventeen of the plansplaining ser...

Oh. Lovely… Well, this SQL Server has dumps. At ...

Wild, Wild Life The post Spinlock Contention With Parallel Window Aggregates In SQL Server 2019 appeared first on Erik Darling Data.

Least Favorite This is one of my least favorite query patterns, because even with appropriate indexes, performance often isn’t very good without additional interventions. Without indexes in place, or...

Not A Doctor All of our previous queries looked about like this: WITH Comments AS ( SELECT ROW_NUMBER() OVER ( PARTITION BY c.UserId ORDER BY c.CreationDate ) AS n...

This page contains the description for my conference session “Five stages of grief – internals of a hash spill”. Description Target audience Experienced database developers and DBAs, plus all...

Have you ever come across an issue where your Powe...

Have you really used the Power BI model view? Patr...

Is Power BI intimidating? Coming from Microsoft Ex...

Explore how you can hide columns and tables to Pow...

Earlier in this series on importing data from ADLSgen2 into Power BI I showed how partitioning a table in your dataset can improve refresh performance. In that post I...

How to detect database drift prior to running a database migration, so that you can be certain that a database hasn't been subject to any 'uncontrolled' changes that could...

There’s no doubt the cloud is having a big impact on the nature and make-up of SQL Server estates. The 2021 State of Database DevOps report from Redgate, for...

This is another in my series of blog posts where I take a deep dive into converting R graphs into SAS graphs. Today we'll be working on pie charts. I...

Keeping databases secure is critical. In this article, Robert Sheldon explains what to monitor for SQL Server security.

Unknown hackers attempted to add a backdoor to the...

The personal data of more than half a billion Face...

Patching in industrial settings is hard. Ransomware shutting down production is harder.

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives...

An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.

Having an effective cyber security incident response plan in place will mitigate the damage an incident can cause.

While working on a project today, I ran into an interesting issue I’d never encountered before. The THROW command is non-terminating if it is used in a stored procedure over a linked-server.

There are two ways you can write comments in T-SQL...

Total: 1 Average: 5SQL CASE? Piece of cake! Really...

All around us, we are seeing a war of what was, versus what we are becoming. This battle isn’t new; every age has those that hang onto the past...

Google's promotion of Rust over C and C++ should l...

FTC blasts "anticompetitive actions to neutralize, hinder, or deter" competitors.

The last votes for one of the most closely watched unionization drives in modern history came in on Monday, March 29, and results could be announced shortly. The vote...

The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices...

"We were like, well, we didn't really account for that."

Cargo and Crew Dragons are creating a bit of a traffic jam in space.

EUDCA managing director Alex Rabbetts on The Data Center Podcast

"We take the scaling challenge seriously and have a clear roadmap."