
Microsoft SQL Server Vulnerability CVE-2021-1636

Last week Microsoft let the world know about a vulnerability in SQL Server which affects all currently supported versions of SQL Server.  It does require an extended events session to be running; however, all SQL Servers have a default session, and it is not entirely clear whether this default system session is included.

We recommend that everyone running SQL Server install the fix/patch as soon as possible.  One note for versions 2012, 2014, and 2016: you must be running a minimum service pack to apply the update, so you may have two updates to apply.

The official announcement gives details of the vulnerability and the associated risks.

This update is being made available through Windows Update.  If you run Windows updates on a regular basis, the update should be applied.

We recommend everyone running SQL Server to apply this security patch in a timely manner.

Frequently Asked Questions

Which versions of SQL Server are affected?

All versions of SQL Server are affected.

Will this require an outage?

Yes, your SQL Server will need to restart.  Most deployments will take about 15 minutes.

How do I know which version of SQL Server I am running?

In SQL Server Management Studio, you can run the following command:

SELECT @@VERSION;

This will give you the version information you need to know which updates you need to apply.
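The two checks this post calls for (build and service-pack level, and whether an extended events session is running), as an added T-SQL example that is not part of the original post. It assumes an on-premises instance and a login with VIEW SERVER STATE, and uses only SERVERPROPERTY and the built-in extended events catalog views.

```sql
-- Added example: inventory queries to run in SQL Server Management Studio.

-- 1. Build and service-pack level. The post notes that 2012, 2014 and 2016
--    need a minimum service pack before the security update will install.
SELECT
    SERVERPROPERTY('ProductVersion')         AS product_version,      -- major.minor.build.revision
    SERVERPROPERTY('ProductLevel')           AS product_level,        -- RTM, SP1, SP2, ...
    SERVERPROPERTY('ProductUpdateLevel')     AS product_update_level, -- CU level, NULL if none or not reported
    SERVERPROPERTY('ProductUpdateReference') AS last_update_kb,       -- KB of the installed update, may be NULL
    SERVERPROPERTY('Edition')                AS edition;

-- 2. Extended events sessions: defined on the instance versus running now.
--    sys.server_event_sessions holds stored definitions;
--    sys.dm_xe_sessions holds sessions that are currently running.
--    FULL OUTER JOIN also surfaces running sessions with no stored definition.
SELECT
    COALESCE(d.name, r.name)                   AS session_name,
    d.startup_state,                           -- 1 = starts with the instance; NULL = no stored definition
    CASE WHEN r.name IS NULL THEN 0 ELSE 1 END AS is_running,
    r.create_time                              AS running_since
FROM sys.server_event_sessions AS d
FULL OUTER JOIN sys.dm_xe_sessions AS r
    ON r.name = d.name
ORDER BY is_running DESC, session_name;
```

Run both before and after patching: the first result set should show the new build number once the update is applied.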

Director of Data Solutions

With more than 10 years of working with SQL Server, Carlos helps businesses ensure their SQL Server environments meet their users’ expectations. He can provide insights on performance, migrations, and disaster recovery. He is also active in the SQL Server community and regularly speaks at user group meetings and conferences. He helps support the free database monitoring tool found at databasehealth.com and provides training through SQL Trail events.