Are there any outstanding (unpatched) security issues for Sql Server 2000?
This isn't really for me: I moved on from Sql Server 2000 long ago. However, when answering questions here and (more likely) on Stack Overflow, I'm in the habit of leaving a comment like the one at this question whenever coming across a Sql Server 2000 question. If you don't want to follow the link, it goes something like this:
Sql Server 2000 is end of life. It no longer gets any patches… not even critical security patches. It's irresponsible to continue using it. Convincing management to upgrade is job #1.
Aide from it being, well, Sql Server 2000, how much an issue is this really? In the year-plus since Sql Server 2000 went EOL, has anything big come up I could point to as a more concrete issue?
I'd look at official documentation, but as this is effectively abandonware I haven't found anything published directly by MS.
Best Answer
Yes, there are no patches available for newly discovered issues like meltdown/spectre
Microsoft only releases security patches for SQL versions that are still supported. Also notice that if you are running a supported SQL version with an unsupported service pack, you MUST upgrade to a supported service pack to have an available security patch.
Protect SQL Server from attacks on Spectre and Meltdown side-channel vulnerabilities