If you asked me to name one of the most forgotten but essential elements of database security and stability, it would be keeping all of the software in the database environment up to date. That might seem trivial, but experience shows that in a lot of environments this often sits in “the gray area”, especially when a customer has a lot of third-party vendors bringing their own databases. In this time of exploit kits that enable even the non-technically savvy to launch sophisticated attacks, patch management takes on a new importance, especially when you consider that getting access to any database is considered hitting the jackpot by a hacker.
Security is not the only reason why patching is crucial. SQL Server is a very complex product, and it follows a cyclic bi-monthly cumulative update model that delivers crucial bug, performance and security fixes.
Both reasons are why getting the applicable patches installed as soon as possible after their release is more important than ever. “As soon as possible” is the key phrase; it doesn’t necessarily mean “immediately after release.” While patching has evolved to the point where automatic updating processes will do the work for you, and while this might be the best practice for consumers, it’s not prudent to just “set it and forget it” in a database context. Downtime or corruption from a botched patch could have a high impact on the company’s SLAs.
Unfortunately, patch management isn’t just more important than ever; it’s also more complex than ever, as uniformity is the exception rather than the rule. Most corporate networks run a mix of SQL Server editions. Ensuring all of these are properly patched is a major headache for IT.
The need to patch as quickly as possible conflicts with another important tenet of updating: stability, and the need to carefully test patches in a controlled environment before rolling them out on your production network. This second need is also more important than ever because of the increased complexity of the product. That complexity means there is a greater chance that undiscovered conflicts will cause problems when a patch is applied to specific configurations.
Due to the nature and complexity of SQL Server, it’s impossible for Microsoft to cover every possible configuration in testing. That’s why Microsoft’s own best practices on patch management have long included in-house testing on systems designed to emulate your production systems. The trick is to protect your systems as much as possible from vulnerabilities, without putting them at risk from applying untested patches. The first step is to have someone evaluate each patch individually and in effect perform a risk assessment for each vulnerability. That means looking at the following factors for every patch:
Patching priorities will be different for different organizations and even for different machines within an organization, based on these considerations.
Most of the time we hear that while the system admins know which OS to patch, SQL Server is often left running as is, because it “just runs”. The problem is that some SQL Server builds are known as “dangerous builds”, with the level of risk ranging from “unstable” through “insecure” to “corrupts data in specific situations.”
At Kohera we offer periodic health-checks including an evaluation of the patch level of your servers running SQL Server. Because we’re running this for several clients, our consultants have solid knowledge of the “dangerous builds” and the potential stability risks that implementing (or not implementing) a patch can have on your environment. This enables us to advise and assist you in maintaining solid patch management.
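A patch-level evaluation of the kind described above can be sketched as follows. This is an added example, not Kohera's tooling: it assumes you have collected each instance's `SERVERPROPERTY('ProductVersion')` string, and every baseline, "dangerous" build and instance name in it is a constructed placeholder. It compares builds numerically, because plain string comparison ranks `15.0.10000.1` below `15.0.9200.3`.

```python
from typing import NamedTuple

# Constructed placeholder policy, NOT real Microsoft build numbers: fill these
# in from your own tested baseline and your own list of builds to avoid.
MIN_BUILD = {15: (15, 0, 9000, 1), 14: (14, 0, 8000, 1)}   # per major version
DANGEROUS = {(15, 0, 9100, 2)}                             # known-bad builds

# Constructed sample inventory: (instance, SERVERPROPERTY('ProductVersion')).
INVENTORY = [
    ("erp-db01", "15.0.9200.3"),
    ("vendor-crm", "15.0.10000.1"),
    ("hr-db02", "15.0.9100.2"),
    ("legacy-fin", "14.0.700.5"),
    ("lab-sql", "12.0.6000.1"),
]

class Finding(NamedTuple):
    instance: str
    version: str
    status: str

def parse_version(text: str) -> tuple:
    """Turn 'major.minor.build.revision' into a tuple of ints for comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected version string: {text!r}")
    return parts

def assess(instance: str, version: str) -> Finding:
    """Classify one instance against the deny-list and the per-major baseline."""
    try:
        v = parse_version(version)
    except ValueError:
        return Finding(instance, version, "UNPARSEABLE")
    if v in DANGEROUS:
        status = "DANGEROUS_BUILD"
    elif v[0] not in MIN_BUILD:
        status = "NO_BASELINE"      # major version nobody has assessed yet
    elif v < MIN_BUILD[v[0]]:
        status = "BELOW_BASELINE"
    else:
        status = "OK"
    return Finding(instance, version, status)

def audit(inventory):
    return [assess(name, ver) for name, ver in inventory]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f.instance:12} {f.version:14} {f.status}")
```

Instances reported as `NO_BASELINE` are typically the vendor-supplied or forgotten servers nobody has assessed, so they deserve the same follow-up as a build below baseline.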
© 2023 Kohera