locked
Scan results show vulnerable after migration RRS feed

  • Question

  • We migrated XYZ  SQL box from SQL Server 2008 to SQL Server 2008 R2 SP3(10.50.6542) but when we scan for vulnerable servers the XYZ server is showing up every time under SQL Vulnerabilities(vulnerable Version). Below is the scan result error we are seeing.

    <ul><li>Running   TDS service</li><li>Product SQL Server 2008 found in fingerprint   is not SQL Server 2000</li><li>Product SQL Server 2008 found in   fingerprint is not SQL Server 2005</li><li>Product SQL Server   2008 exists -- Microsoft SQL Server 2008   10.50.2500</li><li>Version of product SQL Server 2008 is not   vulnerable -- Microsoft SQL Server 2008   10.50.2500</li><li>Product SQL Server 2008 exists -- Microsoft   SQL Server 2008 10.50.2500</li><li>Vulnerable version of product   SQL Server 2008 found -- Microsoft SQL Server 2008   10.50.2500</li></ul>
    <ul><li>Running TDS   service</li><li>Product SQL Server 2005 found in fingerprint is   not SQL Server 2000</li><li>Product SQL Server 2005 exists --   Microsoft SQL Server 2005 9.0.5000</li></ul>

    When we verified control panel never saw anything old version installations. I doubt somewhere in the registry we have old installation keys and our scan is scanning them.

    I checked the registry Computer\HKey_local_Machine\Software\Microsoft\Microsft SQl Native Client\Current Version registry with key with version 9.00.5000.00 is it something I need to suspect. Please help me which keys I need to look and fix the issue.

    Tuesday, May 23, 2017 2:30 PM

All replies

  • Hi Jayjayj,

    >>but when we scan for vulnerable servers the XYZ server is showing up every time under SQL Vulnerabilities(vulnerable Version).

    Is that info from a third-party software? If so, I’d suggest you contact their support regarding such info. For now, I’d suggest you either keep SQL Server up-to-date(as you already did) or upgrade to newer version as mainstream support for SQL Server 2008/2008R2 has ended.

    If you have any other questions, please let me know.

    Regards,
    Lin

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, May 24, 2017 3:15 AM
  • When you migrate or uninstall SQL Server may leave some of the components of previous version, this is what I have noticed. But it is strange to see this being reported as vulnerability.

    Can you run SQL Server Discovery report and post result here.


    Cheers,

    Shashank

    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it

    My TechNet Wiki Articles

    MVP

    Wednesday, May 24, 2017 5:13 AM