Security Updates Available for SQL Server 2008, 2008 R2, 2012, 2014
If you are running 2008 SP3, 2008 R2 SP2, 2012 SP1 (SP2 is not affected, RTM is no longer supported), or 2014, you'll want to check out Security Bulletin MS14-044 for details on a denial of service / privilege escalation issue that has been patched:
http://technet.microsoft.com/en-us/library/security/MS14-044
For SQL Server 2012 and SQL Server 2014, I've blogged about recent builds and recommendations here:
https://sqlperformance.com/latest-builds/sql-server-2012
https://sqlperformance.com/latest-builds/sql-server-2014
MOST IMPORTANTLY: Beware that this security update may cause an issue with replication on SQL Server 2012 SP1, as reported by multiple people. If you are on 2012 SP1 and using replication, please don't install this fix until Connect #950118 has been addressed.
Thanks for reply. Yes, if you can point me to somewhere. Very less info can be found via google.
Sorry Eric, can't really troubleshoot setup issues like that remotely. Did you look for more information in the detailed log the error message pointed to?
when i tried to install QFE KB2977319 for SQL 2008R2 Sp2. it failed due to the following error(error status: 1642.)
PATCH SEQUENCER: QFE patch C:\…1033_ENU_LP\x64\setup\x64\SqlWriter.msp is not applicable.
Unknown\Absent: {E01F9CFD-F500-45A4-9060-9AC19D709720} – C:\…\1033_ENU_LP\x64\setup\x64\SqlWriter.msp
MSI (s) (D4:04) [12:02:09:241]: Product: Microsoft SQL Server VSS Writer – Update '{………}' could not be installed. Error code 1642. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20140905_115819\SqlWriter_Cpu64_1.log.
Any ideas?
Thanks1
Chris,
It's pretty sloppy and not explained very well anywhere, especially on the page where you have to pick which fix you want to download. For many it will be pretty logical to pick the filename with the highest build number referenced, but for the rest it will be extremely confusing. I don't envy the story they have to tell but I think they need to tell it better.
Looking more closely at KB2975402 indicates that it was fixed in SP1 CU11 build 3449, messed up in the MS14-044 build 3460 so that's why they show the builds that they do.
Also fixed in 2014 CU3.
Chris
Hi Chris,
*sigh* I have sent off a really long nasty-gram about how utterly crappy this series of issues / fixes have been handled. I hope they will revise the KB article to make sense (3467 should probably not have been offered in this KB's downloads).
So the SQL2012 SP1 fix is now out as build 3467 which also mentioned this was fixed in SP2 CU1. Also implies it was fixed in SP1 CU11 which does not make sense.
Chris
@Mli I would probably install the QFE anyway, since you get all of the cumulative update fixes instead of just this fix. But yes, strictly speaking, you should install the GDR version.
I was checking MS14-044 and see there is QFE and GDR, my version is 10.50.4000.0 (sql 2008 r2 sp2) so i think it is GDR, is that right?
I was checking MS14-044 and see there is QFE and GDR, my version is 10.50.4000.0 (sql 2008 r2 sp2) so i think it is GDR, is that right?
@Augustinius, SP2 is not affected, you do not need to worry about it.
If you are at SQL Server 2012 SP2 do you have the patch, or are you vulnerable?
@required sorry, I have no news about that.
What about the upcoming Service Packs for SQL Server 2008 and 2008 R2?