Welcome to part two of our series on finding and patching SQL Servers in your organization. In part one we discussed
how to find all of the SQL Server instances on your network. In this part, we'll discuss patch deployment and the various options available to you.
Deployment of SQL Server patches is critical to maintain security and yet, to this day, it remains a very complicated process. For starters, you'll need to understand the difference between service packs and hotfixes. A service pack is a major product update that generally includes all bug fixes, security fixes and (in some cases) new features since the last service pack or the original release.
Hotfixes released from QFE (Quick Fix Engineering, from Microsoft) usually contain only interim bug fixes or security patches for new problems found between service packs. It should be noted that hotfixes, while cumulative as a rule (so you only need the latest one), are not regression tested, so their application involves a much larger degree of risk as opposed to the well-tested service pack releases.
HOW TO PATCH SQL SERVER, PART 2
Step 1: Segregate your scan results
Step 2: Obtain service packs and prepare for deployment
Step 3: Deploy service packs
Step 4: Obtain hotfixes and prepare for deployment
Step 5: Deploy hotfixes
Step 6: Re-assess network
Step 7: Plan next assessment
Back: How to patch SQL Server, part 1
ABOUT THE AUTHOR:
Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.