wish to know more about type of security/bug - patch/fix release for sql server

Question

Post reply

wish to know more about type of security/bug - patch/fix release for sql server

chewychewy

Hall of Fame

Points: 3126
More actions
July 24, 2012 at 2:09 am

#264249

Hi Guys,

Am new to this. Need u guys help on this.

1. Does SQL Server Service Pack consists of security fixes or only bug fixes?

Do u guys apply it asap upon release or only apply it only when the existing service pack is reaching EOS?

2. Other than service pack, do Microsoft release scheduled monthly SQL Server patch? If yes, does it consists of only security or also bug fixes? I suppose is the subset of service pack?

3. Any other kind of patches release for SQL Server?

Many thanks

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply

Ant-Green SSC Guru Points: 112965 More actions · Answer 1

You have RTM, SP and CU's in SQL.

The RTM is the first release which is ready to manufacture / market (forget the actual term), then MS release CU's (cumulative updates), then there will be a SP (service pack) then more CU's another SP, more CU's etc.

Keep your eye on this URL http://sqlserverbuilds.blogspot.co.uk/ it will tell you when there is a new CU or SP out and will provide links to the download pages, where you can read more about what is actually fixed in that particular CU or SP.

chewychewy Hall of Fame Points: 3126 More actions · Answer 2

chewychewy

Hall of Fame

Points: 3126

July 25, 2012 at 1:04 am

#1517184

thanks. How about security fix? Does Microsoft release monthly for SQL Server?

thanks

Gail Shaw SSC Guru Points: 1004494 More actions · Answer 3

No need, there aren't that many security vulnerabilities in SQL. Security patches mostly follow the CU and SP model.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

chewychewy Hall of Fame Points: 3126 More actions · Answer 4

Hi Gila.

thanks. Abit confused here.

MS release CU's (cumulative updates), then there will be a SP (service pack) then more CU's another SP, more CU's etc.

So i supposed CU and SP consists of security fixes as well as bug fixes?

If we don't apply CU but only service pack, does this mean we are actually prone to more risk as SP release is not that frequent.

I notice at times, Micrsoft release security fixes for MSSQL (if any) through monthly Microsoft Security Bulletin. I supposed all that will be included in SP?

thanks

Gail Shaw SSC Guru Points: 1004494 More actions · Answer 5

Consider that SQL 2005 went four years before a security flaw was found....

If there's an urgent security issue it may get released on Windows Update or as a hotfix. You can then decide whether or not to apply it.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass