Your Silent Face: The Illusion of the Safety of “Never Patching” Your SQL Servers.

No hearing, or breathing… No movement, no colors… Just silence… Sounds peaceful. Sounds serene. And in a world where entropy didn’t exist, it could even stay that way. That’s not our world, though. Our SQL Servers (in whatever flavor they exist) don’t live in utopia. They live in a world where bad actors are trying … Read more

SQL Server Vulnerability Alert: CVE-2025-49719

On Patch Tuesday this week, Microsoft released an Important severity security update (a CVSS base score of 7.5). The details of this 0-day exploit are available to read at the NIST site, and the Microsoft security update site. In short, the exploit that Microsoft has discovered and subsequently fixed can allow information disclosure. (That’s the … Read more

Fixing SQL Server Vulnerabilities With GDRs

This post is part of our SQL Server security blog series, 30 SQL Server Security Checks in 30 Days. We’re publishing a new security check every day in the month of June. Visit our sp_CheckSecurity page to learn about our free SQL Server tool you can download and run to check your own server. For … Read more

A Simple SQL Server Security Checklist

This month I am providing a 12-point checklist of scripts to check your SQL Server’s current security posture. Use these scripts to get an idea of where you are, so that you can make plans for the places you may want to go. The paradigms of least privilege and defense in depth are important to … Read more