Meltdown/Spectre vulnerability fix for sql 2012

  • Question

  • Hi,

    Referring to ADV180002, I have applied the latest patch (KB4057116) for SQL 2012 SP4 and the SQL version also changed to 2011.110.746,6. But the vulnerability still exists and Qualys is recommending to install the patch that would upgrade the SQL version to 2011.110.7999.9999. We couldn’t get the exact patch to fix the vulnerability and this issue is noticed for 2012. Please advise if you have any information.

    Monday, January 22, 2018 11:45 AM

Answers

  • Hello,

    See SQL Server Guidance to protect against speculative execution side-channel vulnerabilities; that's currently the list of available patches regarding SQL Server.

    Qualys recommending to install the patch that would upgrade the SQL Version

    That sounds to me more like an issue with that software (not up to date) than a SQL Server one.


    Olaf Helper

    • Marked as answer by dandoadmin Tuesday, January 23, 2018 11:33 AM
    Monday, January 22, 2018 12:08 PM
  • How did you determine the problem still exists?

    It sounds like "Qualys" did not update their version which fixes the problem.  There is not a version 2011.110.7999.9999.

    • Marked as answer by dandoadmin Tuesday, January 23, 2018 11:33 AM
    Monday, January 22, 2018 3:10 PM

All replies

  • Hi Olaf,

    Thanks for the information. Qualys had not updated its SQL profile/catalog information and was recommending to install some random SQL version. It's now corrected and the vulnerability is fixed.


    Tuesday, January 23, 2018 11:36 AM