Critical SQL Server Patches for Meltdown and Spectre

There are two new possible viruses Meltdown and Spectre that can lead to dangerous situations on your SQL server by attacks. The following summary allows you to review and decide how to patch your systems.  All SQL DBAs need to take action to make sure that they have backups as well as protecting the current systems.

Microsoft SQL Server 2016

 

SQL Server Versions Affected

This is a hardware issue, so every system is affected. SQL Server running on x86 and x64 for these versions:

  • SQL Server 2008
  • SQL Server 2008R2
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017
  • Azure SQL Database

It is likely that SQL Server 2005, SQL Server 2000, SQL Server 7, SQL Server 6.5 are all affected. No SQL Server patches are coming due to the age and since they have been out of commission for the past few years.

Note: according to Microsoft, IA64 systems are not believed to be affected. If you have SQL Server 2008, 2008 R2, 2012, 2014 you’ll have to wait on SQL Server patches.  You can continue to visit the Microsoft web site for when the patches will become available.

SQL Server Patches

There is a KB (4073225) that discusses the attacks. You can read that in

Here are the patches as of this time:

We will update as more patches become available.

OS Patches

The Window KB for guidance is 4072698.

Here are the OS patches that I’ve been able to find.

Leave a Comment