Critical SQL Server Patches for Meltdown and Spectre
Two newly disclosed vulnerabilities, Meltdown and Spectre, can expose your SQL Server systems to attack. The following summary allows you to review your options and decide how to patch your systems. All SQL DBAs need to take action to make sure that they have backups and that their current systems are protected.
SQL Server Versions Affected
This is a hardware issue, so every system is affected. That includes SQL Server running on x86 and x64 for these versions:
- SQL Server 2008
- SQL Server 2008 R2
- SQL Server 2012
- SQL Server 2014
- SQL Server 2016
- SQL Server 2017
- Azure SQL Database
It is likely that SQL Server 2005, SQL Server 2000, SQL Server 7, and SQL Server 6.5 are all affected. No SQL Server patches are coming for these versions because of their age and because they have been out of support for the past few years.
Note: according to Microsoft, IA64 systems are not believed to be affected. If you have SQL Server 2008, 2008 R2, 2012, or 2014, you’ll have to wait for SQL Server patches. Keep checking the Microsoft web site to see when the patches become available.
SQL Server Patches
There is a KB (4073225) that discusses the attacks. You can read that in
Here are the patches as of this time:
We will update as more patches become available.
The Windows KB for guidance is 4072698.
Here are the OS patches that I’ve been able to find.
- Windows Server (Server Core) v 1709 – KB4056892
- Windows Server 2016 – KB4056890
- Windows Server 2012 R2 – KB4056898
- Windows Server 2012 – N/A
- Windows Server 2008 R2 – KB4056897
- Windows Server 2008 – N/A
- Red Hat v.7.3 – Kernel Side-Channel Attacks CVE-2017-5754, 5753, 5715
- SUSE Linux – 7022512
- Ubuntu – Update on the patches
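One way to check a set of Windows hosts against the OS patch list above, as an added example that is not part of the original article. The KB numbers are copied from the list; the build-number keys, the function name Get-ListedKbStatus and the host names are assumptions of this example.

```powershell
# Added example. KB numbers come from the list above; the OS build numbers used
# as keys and everything else here are assumptions of this example.
$KbByBuild = @{
    '16299' = 'KB4056892'   # Windows Server (Server Core) v1709
    '14393' = 'KB4056890'   # Windows Server 2016
    '9600'  = 'KB4056898'   # Windows Server 2012 R2
    '9200'  = $null         # Windows Server 2012: N/A in the list
    '7601'  = 'KB4056897'   # Windows Server 2008 R2 SP1
    '6002'  = $null         # Windows Server 2008 SP2: N/A in the list
}

function Get-ListedKbStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            $row = [ordered]@{ Computer = $name; OS = $null; Build = $null; KB = $null; Status = $null }
            try {
                # Read the OS build, then look for the KB listed for that build.
                $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
                $row.OS    = $os.Caption
                $row.Build = $os.BuildNumber
                if (-not $KbByBuild.ContainsKey($os.BuildNumber)) {
                    $row.Status = 'Build not in list'
                } elseif (-not $KbByBuild[$os.BuildNumber]) {
                    $row.Status = 'No KB listed (N/A)'
                } else {
                    $row.KB = $KbByBuild[$os.BuildNumber]
                    $fix = Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName $name `
                        -Filter "HotFixID='$($row.KB)'" -ErrorAction Stop
                    $row.Status = if ($fix) { 'Installed' } else { 'Listed KB not found' }
                }
            } catch {
                # Unreachable host or access denied: report it instead of stopping the run.
                $row.Status = "Query failed: $($_.Exception.Message)"
            }
            [pscustomobject]$row
        }
    }
}

# Constructed host names; replace with your own SQL Server hosts.
'SQLPROD01', 'SQLPROD02' | Get-ListedKbStatus | Format-Table -AutoSize
```

A status of 'Listed KB not found' means only that this specific KB is not recorded on the host; a later cumulative update or rollup can supersede it, so verify those hosts by hand before treating them as unpatched.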