Link to home
Create AccountLog in
Avatar of metalfubar

asked on

SQL server patching help needed

Hey there,

I need help making sure my sql server is patched for a 3rd party audit that is occurring for PCI requirments.  The article below references the one needed and I'm ready to retest but is there a way to verify it's installed before running the penetration testing?  Should this simply be able to be done through windows update?  No sql upgrades required?


Avatar of ste5an
Flag of Germany image

I would run MBSA first. Then I would run Microsoft® SQL Server® 2012 Best Practices Analyzer .

For the rest: it depends. Normally "simply thru updates" is not enough. Cause this would mean that you install untested patches and updates. Often an unwanted scenario. But as I said, it depends on the kind of service your server should provide.
Avatar of metalfubar


ok I installed and ran this and have included a screen shot of the results.  do I need to act on these?

Wsus is configured at corporate so these patches for windows are approved so we're good there.

thanks in advance.

This means, that the user account your using for the scan - yours - is not an explicit member of the sysadmin group, which is a prerequisite.
You don't need to run MBSA before applying a patch. MBSA should be run periodically (once or twice by year depending on the changes you make in the SQL Server instance).

In what version of SQL Server you're going to apply the patch?
If you have MSSQL 2014 without Master Data Services then you don't need to apply this patch. Otherwise you can apply it (will cause a SQL Server restart).
is the sys admin group different than the local admins of which I'm a domain admin?

SQL version is 2012 SP2.

Under the normal windows updates, I'm not seeing sql specific patches since October.
Avatar of Vitor Montalvão
Vitor Montalvão
Flag of Switzerland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account