Tit-Bits on the recent speculative execution side-channel vulnerabilities


Microsoft is aware of a new publicly disclosed class of vulnerabilities, referred to as “speculative execution side-channel attacks”, that affect many modern operating systems, including Android, Chrome, iOS, and macOS, and many processors, including those from Intel, AMD, and ARM.

Microsoft has released several updates at both the SQL application level and the Windows OS level to help mitigate these vulnerabilities. Microsoft also continues to work closely with industry partners, including chip makers, hardware OEMs, and app vendors, to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.

The following tables list the patches released to protect machines against these vulnerabilities.

SQL SERVER PATCH DETAILS:

| SQL Server builds | Product level | Edition | SQL Server version | Update KB |
|---|---|---|---|---|
| 14.0.1000.169 | RTM | Enterprise Edition (64-bit) | SQL Server 2017 | 4057122 |
| 14.0.3006.16 - 14.0.3008.27 | RTM (CU) | Enterprise Edition (64-bit) | SQL Server 2017 | 4058562 |
| 13.0.1601.5 | RTM | Enterprise Edition (64-bit) | SQL Server 2016 | 4058560 |
| 13.0.2149.0 - 13.0.2216.0 | RTM (CU) | Enterprise Edition (64-bit) | SQL Server 2016 | 4058559 |
| 13.0.4001.0 | SP1 | Enterprise Edition (64-bit) | SQL Server 2016 | 4057118 |
| 13.0.4411.0 - 13.0.4457.0 | SP1 (CU) | Enterprise Edition (64-bit) | SQL Server 2016 | 4058561 |
| 10.50.6000 - 10.50.6542 | SP4 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2008 R2 | 4057113 |
| 10.00.6000 - 10.00.6547 | SP3 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2008 | 4057114 |


WINDOWS PATCH DETAILS:

| Operating system version | Update KB |
|---|---|
| Windows Server, version 1709 (Server Core Installation) | 4056892 |
| Windows Server 2016 | 4056890 |
| Windows Server 2012 R2 | 4056898 |
| Windows Server 2008 R2 | 4056897 |

For information on the various mitigations that need to be applied at the OS level and the SQL Server level, please see my next blog post: https://blogs.msdn.microsoft.com/shreyasgowda/2018/01/12/tit-bits-2-on-recent-speculative-execution-side-channel-vulnerabilities/

For further information on precautionary measures against these vulnerabilities, refer to the following KB articles:

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

Hope this helps.. Happy protecting!!

