Avatar of metalfubar
metalfubar
 asked on

SQL server patching help needed

Hey there,

I need help making sure my sql server is patched for a 3rd party audit that is occurring for PCI requirments.  The article below references the one needed and I'm ready to retest but is there a way to verify it's installed before running the penetration testing?  Should this simply be able to be done through windows update?  No sql upgrades required?

thx

metalfubar

https://technet.microsoft.com/library/security/MS14-044
Microsoft SQL ServerMicrosoft Legacy OSWindows Server 2008

Avatar of undefined
Last Comment
Vitor Montalvão

8/22/2022 - Mon
ste5an

I would run MBSA first. Then I would run Microsoft® SQL Server® 2012 Best Practices Analyzer .

For the rest: it depends. Normally "simply thru updates" is not enough. Cause this would mean that you install untested patches and updates. Often an unwanted scenario. But as I said, it depends on the kind of service your server should provide.
metalfubar

ASKER
ok I installed and ran this and have included a screen shot of the results.  do I need to act on these?

Wsus is configured at corporate so these patches for windows are approved so we're good there.

thanks in advance.

metalfubar
sql-bpa-results.png
ste5an

This means, that the user account your using for the scan - yours - is not an explicit member of the sysadmin group, which is a prerequisite.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Vitor Montalvão

You don't need to run MBSA before applying a patch. MBSA should be run periodically (once or twice by year depending on the changes you make in the SQL Server instance).

In what version of SQL Server you're going to apply the patch?
If you have MSSQL 2014 without Master Data Services then you don't need to apply this patch. Otherwise you can apply it (will cause a SQL Server restart).
metalfubar

ASKER
is the sys admin group different than the local admins of which I'm a domain admin?

SQL version is 2012 SP2.

Under the normal windows updates, I'm not seeing sql specific patches since October.
ASKER CERTIFIED SOLUTION
Vitor Montalvão

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question