none
SQL Server Security Updates

    Question

  • Have a couple of SQL Server 2005. One of them is patched up to 9.00.4340 and the other is 9.00.4262.
    According to http://sqlserverbuilds.blogspot.com/ the latest build should be 9.00.5324

    Question 1) Are the patch / security updates cumulative like Oracle? Can I just apply 9.00.5324 and it'll include all the builds before 9.00.5324:
    9.00.5296
    9.00.5295
    9.00.5294
    9.00.5292
    9.00.5266
    ... etc

    Question 2) Anything I should look out for? Or is it simply seek out the download for 271642 on Windows Update and installing that? I got to this page http://support.microsoft.com/kb/2716427 but I do not see any download patch or anything like that.

    Edit: Also, I log on to server, and do Windows Update from the IE browser; it did not find any SQL Server updates. Why is that?

    Question 3) As far as rollback, just uninstall the KB from Add / Remove Programs?

    Thanks


    • Edited by freshie2012 Monday, February 18, 2013 8:55 PM
    Monday, February 18, 2013 8:50 PM

Answers

All replies

  • One suggestion is apply the patches in test environment and run the process/apps to make sure there are no issues.
    Monday, February 18, 2013 9:26 PM
  • Q1 - You will have to install Service Pack 4 and then apply any CU or

    SQL Server 2005 SP4

    http://www.microsoft.com/en-us/download/details.aspx?id=7218

    You can download Security fix from below site. This fix also includes SP4 CU1 to CU3

    http://technet.microsoft.com/en-us/security/bulletin/ms12-070

    Q2) - Backup all the system and user databases before applying any fixes or making any changes to SQL Server instance. Also, as a best approach you first have to install the patches on a test server and make sure your application works well and then only install on production servers

    Q3) You can uninstall the security fix, but you will not be able to uninstall service packs in SQL Server 2005. Starting SQL 2008 you can also uninstall service packs along with CU/hotfixes. If you want to go back to build 9.00.4340 or 9.00.4262, then you will have to uninstall SQL Server 2005 completely and reinstall it and apply the patches to bring it to the desired builds

    Monday, February 18, 2013 9:28 PM
  • Thank you Mitesh for the suggestion. Unfortunately, these two SQL2005 is just prod - no test / dev with 3rd party software's databases on them. The rest of SQL are in SQL2008 and up-to-date with fixes / CU / Security updates. I think pretty much running fine in a corner - out of sight, out of mind scenarios for these two instances.

    Keerthi: Thank you for the links. It's very helpful in getting the downloads.

    Question: Are Security Updates cumulative? For example after SP4 on SQL2005 (according to http://sqlserverbuilds.blogspot.com/) , we have Cumulative Package (latest is CU3 - KB2507769), Fixes (KB2572407, KB2598903, KB2615425) and Security Update (latest is KB2716427).

    1) Do I apply SP4, then CU3, then each applicable fixes and latest Security Update?

    2) OR, do I apply SP4, then KB2716427and that should include everything prior to it (CU3 and all fixes)?

    Thanks!

    Tuesday, February 19, 2013 3:45 PM
  • As per http://support.microsoft.com/kb/2716427

    In addition to the security update that is described in bulletin MS12-070, this security update also contains all the updates that are included in cumulative update packages 1 through 3. 

    So apply Sp4 and then apply this security update

    Tuesday, February 19, 2013 5:01 PM
  • Cool. Keerthi, Thanks for your help. Appreciate your guidance.
    Thursday, February 21, 2013 1:59 AM