The security bulletin does not list SQL Server 2008 SP3 under affected software but it came out prior to that service pack. We are running SP3 but this issue is still showing up on a vulnerability scan. Does anyone know for sure if this is a false positive? I only found one forum post where someone said SP3 "should" include this security update.
Sql-server – Does Microsoft Security Bulletin MS11-049 affect SQL Server 2008 SP3
Securitysql-server-2008windows
Related Question
- Sql-server – SQL Server Security Hierarchy
- Sql-server – Receiving error Error: 18059, Severity: 20, State: 1 in the SQL Logs
- DB2 9.7 LUW – How to SET SESSION_USER when I am DBADM,SECADM
- Sql-server – Does SQL server 2008 log instance level security permission changes
- Sql-server – Linked Server Security under SQL Agent Job Context
- SQL Server Indexing – ROW_NUMBER() OVER (PARTITION BY) Not Using Index
Best Answer
Scroll down to
Security Update Deployment
and open that up. Then openSQL Server 2008
. You will see that SP3 includes this fix.If your tool is reporting this problem because it doesn't detect the patch then one of the following is true:
If your tool is reporting the problem because it's using an exploit to test the vulnerability, then I would take that up with Microsoft.