1. Skip to Menu
  2. Skip to Content
  3. Skip to Footer>

Expert Sessions!

Security Bulletin - MSSQL - GDR / QFE / SP

Tuesday, 31 July 2012 11:20

Written by Prakash Palani

Print E-mail

 

Microsoft releases security patches on a regular basis, it is imperative for every database administrator to check the Microsoft security bulletin once a month and apply the security patches applicable (on a regular interval) to the product used in your landscape. This blog is about outlining the information like finding the latest applicable security patch and the way forward.

 

Step 1 : Check the latest available security patches

 

Goto : http://www.microsoft.com/technet/security/bulletin/MS11-049.mspx

 

Select the product/technology and “Search Microsoft Security Bulletins” and click on “Go”

 

This will list down all the security patches applicable to “SQL Server 2005” Product.

 

 

 

Click on the latest security patch, in our case, “Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893): MS11-049”

Read through the Executive Summary carefully, then scroll down to check the Affected and Non-Affected Release and locate “SQL Server”

 

As a next step,  expand the Frequently Asked Question section to understand which pack is applicable to your release. For SQL , Microsoft releases both GDR and QFE updates offered for every version, hence it is important for you to understand which one should be applied for your release.

 

GDR : General Distribution – In simple terms, this pack contains only the security related bug fixes related to SQL Server 2005 product

 

QFE : Quick Fix Engineering –In contrast to GDR, QFE will contain security patches + functionality changes to the product.

For more information : http://blogs.technet.com/b/instan/archive/2009/03/04/qfe-vs-gdr-ldr-hotfixes.aspx

 

You can check your sql release using -> SQL Studio -> New Query -> Select @@version (This will return the numbers like 9.00.5000), another method is to open explorer and locate sqlserver.exe, right click -> Properties - > Version (it will also return numbers like 9.00.5000) using which you can understand the current patch version)

 

Applying GDR (or) QFE depends upon your situation and requirement, applying one of them should arrest the security vulnerabilities. As an alternate, you can also apply the service pack which may contain the security patches, you can find the same under :

 

 

Before applying the patches, please read through the KB Article mentioned in each of  the patches to get to know further information on the fixes.

 

Security Bulletin - MSSQL - GDR / QFE / SP