Now that we've identified SQL Server instances, it's time to get the version information we need to plan our patch...
deployment. One quick method to get version information is to use the sqlver.exe tool (from www.sqlsecurity.com) to get the ssnetlib.dll version running on each server instance in our list. SQL Ver.exe initiates a connection to the SQL Server instance on a given port in order to get the server to send it the version of ssnetlib it is using. The advantage to using this patch determination method is that there's no need to log into the SQL Server instance at all to get this information, so it works on installations where you may not have rights to connect.
It should be noted that the ssnetlib.dll version does not always match the exact SQL Server version, so this scan usually gives only an 80% to 90% accuracy rate. That said, service packs almost always update ssnetlib.dll, so at the very least you can be sure you'll obtain the SQL Server product level and the service pack level from this probe.
HOW TO PATCH SQL SERVER, PART 1
Step 1: Map your network
Step 2: Perform an active scan
Step 3: Check for SQL registrations
Step 4: Probe remote services
Step 5: Probe for SSNetlib.dll versions
Step 6: Directly request version information
Go to: How to patch SQL Servers, part 2
ABOUT THE AUTHOR:
Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.