V-40945 – SQL Server 2012 Database Instance DISA STIGs

If you have any additional questions that aren’t addressed in the blog, feel free to contact me. I’d be more than happy to help you out!


Title: “Vendor-supported software and patches must be evaluated and patched against newly found vulnerabilities.”

Severity = High

Details = Check Microsoft’s list of supported SQL Server versions http://www.microsoft.com/sqlserver/en/us/support/support-updates.aspx

To be considered supported, Microsoft must report that the version is supported by security patches to known vulnerabilities.

Check SQL Server version by running the following script:

print @@version

If the security patch support for SQL Server cannot be determined or SQL Server version is not shown as supported, this is a finding.

If SQL Server does not contain the latest security patches, this is a finding.

FIX: Upgrade SQL Server to the Microsoft-supported version.

Apply the latest SQL Server patches after evaluation of impact.

This fix is self-explanatory. Run the command above and see what version you are running. Go to SQL Server Updates (by Brent Ozar) and check if you have the latest Service Pack or Cumulative Update. If not, update. If so, close this “Not a Finding.”

*NOTE: Test any service packs or cumulative updates on a test / staging server first!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.