Solved

SQL server patching help needed

Posted on 2014-12-23
6
165 Views
Last Modified: 2015-01-22
Hey there,

I need help making sure my sql server is patched for a 3rd party audit that is occurring for PCI requirments.  The article below references the one needed and I'm ready to retest but is there a way to verify it's installed before running the penetration testing?  Should this simply be able to be done through windows update?  No sql upgrades required?

thx

metalfubar

https://technet.microsoft.com/library/security/MS14-044
0
Comment
Question by:metalfubar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 34

Expert Comment

by:ste5an
ID: 40515055
I would run MBSA first. Then I would run Microsoft® SQL Server® 2012 Best Practices Analyzer .

For the rest: it depends. Normally "simply thru updates" is not enough. Cause this would mean that you install untested patches and updates. Often an unwanted scenario. But as I said, it depends on the kind of service your server should provide.
0
 

Author Comment

by:metalfubar
ID: 40515298
ok I installed and ran this and have included a screen shot of the results.  do I need to act on these?

Wsus is configured at corporate so these patches for windows are approved so we're good there.

thanks in advance.

metalfubar
sql-bpa-results.png
0
 
LVL 34

Expert Comment

by:ste5an
ID: 40515329
This means, that the user account your using for the scan - yours - is not an explicit member of the sysadmin group, which is a prerequisite.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 51

Expert Comment

by:Vitor Montalvão
ID: 40516088
You don't need to run MBSA before applying a patch. MBSA should be run periodically (once or twice by year depending on the changes you make in the SQL Server instance).

In what version of SQL Server you're going to apply the patch?
If you have MSSQL 2014 without Master Data Services then you don't need to apply this patch. Otherwise you can apply it (will cause a SQL Server restart).
0
 

Author Comment

by:metalfubar
ID: 40523626
is the sys admin group different than the local admins of which I'm a domain admin?

SQL version is 2012 SP2.

Under the normal windows updates, I'm not seeing sql specific patches since October.
0
 
LVL 51

Accepted Solution

by:
Vitor Montalvão earned 500 total points
ID: 40537476
Sorry for the delay in answering you but I was in holidays.

is the sys admin group different than the local admins of which I'm a domain admin?
There's no sys admin group in SQL Server but Sysadmin role than can be set to a user or a set of users. By default Windows Local Admin group doesn't has permissions in SQL Server.

Under the normal windows updates, I'm not seeing sql specific patches since October.
It's set to automatic applies? The CU3 for MSSQL2012 SP2 was released on November 2014.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question