patternMinor
Are there any outstanding critical security issues for Sql Server 2000?
Viewed 0 times
2000criticalareissuesanysqloutstandingsecurityforserver
Problem
Are there any outstanding (unpatched) security issues for Sql Server 2000?
This isn't really for me: I moved on from Sql Server 2000 long ago. However, when answering questions here and (more likely) on Stack Overflow, I'm in the habit of leaving a comment like the one at this question whenever coming across a Sql Server 2000 question. If you don't want to follow the link, it goes something like this:
Sql Server 2000 is end of life. It no longer gets any patches... not even critical security patches. It's irresponsible to continue using it. Convincing management to upgrade is job #1.
Aide from it being, well, Sql Server 2000, how much an issue is this really? In the year-plus since Sql Server 2000 went EOL, has anything big come up I could point to as a more concrete issue?
I'd look at official documentation, but as this is effectively abandonware I haven't found anything published directly by MS.
This isn't really for me: I moved on from Sql Server 2000 long ago. However, when answering questions here and (more likely) on Stack Overflow, I'm in the habit of leaving a comment like the one at this question whenever coming across a Sql Server 2000 question. If you don't want to follow the link, it goes something like this:
Sql Server 2000 is end of life. It no longer gets any patches... not even critical security patches. It's irresponsible to continue using it. Convincing management to upgrade is job #1.
Aide from it being, well, Sql Server 2000, how much an issue is this really? In the year-plus since Sql Server 2000 went EOL, has anything big come up I could point to as a more concrete issue?
I'd look at official documentation, but as this is effectively abandonware I haven't found anything published directly by MS.
Solution
Are there any outstanding critical security issues for Sql Server 2000?
Yes, there are no patches available for newly discovered issues like meltdown/spectre
Microsoft only releases security patches for SQL versions that are still supported. Also notice that if you are running a supported SQL version with an unsupported service pack, you MUST upgrade to a supported service pack to have an available security patch.
Protect SQL Server from attacks on Spectre and Meltdown side-channel vulnerabilities
Yes, there are no patches available for newly discovered issues like meltdown/spectre
Microsoft only releases security patches for SQL versions that are still supported. Also notice that if you are running a supported SQL version with an unsupported service pack, you MUST upgrade to a supported service pack to have an available security patch.
- 4057122 Description of the security update for SQL Server 2017 GDR: January 3, 2018
- 4058562 Description of the security update for SQL Server 2017 RTM CU3: January 3, 2018
- 4058561 Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018
- 4057118 Description of the security update for SQL Server 2016 GDR SP1: January 3, 2018
- 4058559 Description of the security update for SQL Server 2016 CU: January 6, 2018
- 4058560 Description of the security update for SQL Server 2016 GDR: January 6, 2018
- 4057117 Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018
- 4057120 Description of the security update for SQL Server 2014 SP2 GDR: January 16, 2018
- 4057116 Description of the security update for SQL Server 2012 SP4 GDR: January 12, 2018
- 4057115 Description of the security update for SQL Server 2012 SP3 GDR: January, 2018
- 4057121 Description of the security update for SQL Server 2012 SP3 CU: January, 2018
- 4057114 Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
- 4057113 Description of the security update for SQL Server 2008 R2 SP3 GDR: January 6, 2018
Protect SQL Server from attacks on Spectre and Meltdown side-channel vulnerabilities
Context
StackExchange Database Administrators Q#87189, answer score: 3
Revisions (0)
No revisions yet.