Tit-Bits on the recent speculative execution side-channel vulnerabilities


Microsoft is aware of a new publicly disclosed class of vulnerabilities, referred to as “speculative execution side-channel attacks”, that affect many modern operating systems, including Android, Chrome, iOS, and MacOS, and processors, including those from Intel, AMD, and ARM.

Microsoft has released several updates at both the SQL application level and the Windows OS level to help mitigate these vulnerabilities. Microsoft also continues working closely with industry partners, including chip makers, hardware OEMs, and app vendors, to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.

The following tables provide the patch information released to secure machines against this vulnerability.

SQL SERVER PATCH DETAILS:

| SQL Server builds | Product level | Edition | SQL Server version | Update KB |
|---|---|---|---|---|
| 14.0.1000.169 | RTM | Enterprise Edition (64-bit) | SQL Server 2017 | 4057122 |
| 14.0.3006.16 - 14.0.3008.27 | RTM (CU) | Enterprise Edition (64-bit) | SQL Server 2017 | 4058562 |
| 13.0.1601.5 | RTM | Enterprise Edition (64-bit) | SQL Server 2016 | 4058560 |
| 13.0.2149.0 - 13.0.2216.0 | RTM (CU) | Enterprise Edition (64-bit) | SQL Server 2016 | 4058559 |
| 13.0.4001.0 | SP1 | Enterprise Edition (64-bit) | SQL Server 2016 | 4057118 |
| 13.0.4411.0 - 13.0.4457.0 | SP1 (CU) | Enterprise Edition (64-bit) | SQL Server 2016 | 4058561 |
| 12.0.5000.0 - 12.0.5207.0 | SP2 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2014 | 4057120 |
| 12.0.5511.0 - 12.0.5563.0 | SP2 (CU) | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2014 | 4057117 |
| 11.0.6020.0 - 11.0.6251.0 | SP3 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2012 | 4057115 |
| 11.0.6518.0 - 11.0.6607.0 | SP3 (CU) | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2012 | 4057121 |
| 11.0.7001.0 | SP4 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2012 | 4057116 |
| 10.50.6000 - 10.50.6542 | SP4 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2008 R2 | 4057113 |
| 10.00.6000 - 10.00.6547 | SP3 | Enterprise Edition (64-bit) & (32-bit) | SQL Server 2008 | 4057114 |


WINDOWS PATCH DETAILS:

| OS version | Update KB |
|---|---|
| Windows Server, version 1709 (Server Core Installation) | 4056892 |
| Windows Server 2016 | 4056890 |
| Windows Server 2012 R2 | 4056898 |
| Windows Server 2008 R2 | 4056897 |

 

For information on the various mitigations that need to be applied at the OS level and the SQL Server level, please follow my next blog:

https://blogs.msdn.microsoft.com/shreyasgowda/2018/01/12/tit-bits-2-on-recent-speculative-execution-side-channel-vulnerabilities/

For further information on the precautionary measures for the vulnerability, you can refer to the following KB articles:

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

Hope this helps.. Happy protecting!!

