Sql-server – Are there any outstanding critical security issues for Sql Server 2000

Securitysql-server-2000

Are there any outstanding (unpatched) security issues for Sql Server 2000?

This isn't really for me: I moved on from Sql Server 2000 long ago. However, when answering questions here and (more likely) on Stack Overflow, I'm in the habit of leaving a comment like the one at this question whenever coming across a Sql Server 2000 question. If you don't want to follow the link, it goes something like this:

Sql Server 2000 is end of life. It no longer gets any patches… not even critical security patches. It's irresponsible to continue using it. Convincing management to upgrade is job #1.

Aide from it being, well, Sql Server 2000, how much an issue is this really? In the year-plus since Sql Server 2000 went EOL, has anything big come up I could point to as a more concrete issue?

I'd look at official documentation, but as this is effectively abandonware I haven't found anything published directly by MS.

Best Answer

Are there any outstanding critical security issues for Sql Server 2000?

Yes, there are no patches available for newly discovered issues like meltdown/spectre

Microsoft only releases security patches for SQL versions that are still supported. Also notice that if you are running a supported SQL version with an unsupported service pack, you MUST upgrade to a supported service pack to have an available security patch.

4057122 Description of the security update for SQL Server 2017 GDR: January 3, 2018
4058562 Description of the security update for SQL Server 2017 RTM CU3: January 3, 2018
4058561 Description of the security update for SQL Server 2016 SP1 CU7: January 3, 2018
4057118 Description of the security update for SQL Server 2016 GDR SP1: January 3, 2018
4058559 Description of the security update for SQL Server 2016 CU: January 6, 2018
4058560 Description of the security update for SQL Server 2016 GDR: January 6, 2018
4057117 Description of the security update for SQL Server 2014 SP2 CU10: January 16, 2018
4057120 Description of the security update for SQL Server 2014 SP2 GDR: January 16, 2018
4057116 Description of the security update for SQL Server 2012 SP4 GDR: January 12, 2018
4057115 Description of the security update for SQL Server 2012 SP3 GDR: January, 2018
4057121 Description of the security update for SQL Server 2012 SP3 CU: January, 2018
4057114 Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
4057113 Description of the security update for SQL Server 2008 R2 SP3 GDR: January 6, 2018

Protect SQL Server from attacks on Spectre and Meltdown side-channel vulnerabilities

Related Solutions

Sql-server – Table Size Analysis on SQL Server 2000

You're not using WITH ROLLUP correctly. WTIH ROLLUP creates a subtotal and/or total based upon what you tell it. You didn't specify what to call the subtotal and/or total so it is calling it NULL.

This query generates a subtotal report:

SELECT CASE WHEN (GROUPING(Item) = 1) THEN 'ALL'
            ELSE ISNULL(Item, 'UNKNOWN')
       END AS Item,
       CASE WHEN (GROUPING(Color) = 1) THEN 'ALL'
            ELSE ISNULL(Color, 'UNKNOWN')
       END AS Color,
       SUM(Quantity) AS QtySum
FROM Inventory
GROUP BY Item, Color WITH ROLLUP

Output:

Item                 Color                QtySum                     
-------------------- -------------------- -------------------------- 
Chair                Blue                 101.00                     
Chair                Red                  210.00                     
Chair                ALL                  311.00                     
Table                Blue                 124.00                     
Table                Red                  223.00                     
Table                ALL                  347.00                     
ALL                  ALL                  658.00

SQL Server 2000 – How Vulnerable Is It?

If there are faults found since it dropped out of the extended support period then unless you have paid Microsoft for extended extended support you can be pretty sure there is not a fix available to you.

Obviously you can mitigate the risk considerably by following standard practise and making sure the only machines that can touch your SQL instance are a select few application servers within your firewall(s) and making sure all of them are fully patched up & so forth.

Best Answer

Related Solutions

Sql-server – Table Size Analysis on SQL Server 2000

SQL Server 2000 – How Vulnerable Is It?

Related Question