What security risks are there with SQL2008 and IIS 7.5
We had a security company do an audit and they are concerned about our SQL2008 server end of life and our IIS 7.5 end of life. The server is 2008 R2. I was informed the only way to update the IIS server is to switch to a 2012 or new server.
My question is what risk is there with these two pieces of software?
My question is what risk is there with these two pieces of software?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
where is the link to award points and close the question?
Maybe can take a look at this
https://www.experts-exchange.com/questions/28934235/How-to-close-a-question.html?anchorAnswerId=41530228#a41530228
https://www.experts-exchange.com/questions/28934235/How-to-close-a-question.html?anchorAnswerId=41530228#a41530228
ASKER
look at this post. The BEST and ASSISTED buttons are gone
I understand there may be some changes, may I request that you click on the report question to alert moderator for advice.
ASKER
ok
Much appreciated.
https://blogs.msdn.microsoft.com/sqlreleaseservices/end-of-mainstream-support-for-sql-server-2008-and-sql-server-2008-r2/
You got till 2019. As long as you keep deploying the Cumulative Updates and potential further service packs you will be fine till then, but after that security will become an issue as even if not publicly accessible, malicious code from internally infected devices (smartphones or user systems) could exploit vulnerabilities not patched by MS any longer.
https://technet.microsoft.com/en-us/library/ff803383.aspx
Hence I would suggest you start looking at what options are available in the future to upgrade to a newer SQL version.
Easiest is a single SQL server with sufficient CPU & memory/licensing (Azure or local) and run the database in compatibility mode.
Just point apps to new instances etc. (Easier said then done at times I know)
You got till 2019. As long as you keep deploying the Cumulative Updates and potential further service packs you will be fine till then, but after that security will become an issue as even if not publicly accessible, malicious code from internally infected devices (smartphones or user systems) could exploit vulnerabilities not patched by MS any longer.
https://technet.microsoft.com/en-us/library/ff803383.aspx
Hence I would suggest you start looking at what options are available in the future to upgrade to a newer SQL version.
Easiest is a single SQL server with sufficient CPU & memory/licensing (Azure or local) and run the database in compatibility mode.
Just point apps to new instances etc. (Easier said then done at times I know)
ASKER
Thanks to both. I guess you cannot split the points anymore. That is not a good improvement
ASKER