SQL Security Patches & CU

  • Question

  • I am just wondering if SQL Server Security Patches are included in the next CU or SP.

    For instance, MS16-136 - Security Update for SQL Server, is not included in the next available CU or SP. So, is that like we have to install Security Patch separately to fix those vulnerabilities? Thanks


    Rgds, Krishna



    Tuesday, July 11, 2017 1:22 PM

All replies

  • Hmm, I think SP does not include security update. You need to look here

    https://technet.microsoft.com/en-us/library/security/ms11-049

    The majority of security updates released are for client side (often browser) issues. They may or may not be relevant to a server installation

    http://sqlblog.com/blogs/aaron_bertrand/archive/2011/06/14/security-updates-for-all-supported-versions-of-sql-server.aspx


    Best Regards, Uri Dimant, SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/


    Tuesday, July 11, 2017 2:51 PM
  • Thanks much Uri,

    I think they should add these types of important patches to CU/SP, as this one in particular says "could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting."

    I will have a call with MS support as well later.


    Rgds, Krishna


    Tuesday, July 11, 2017 5:30 PM