SQL Server 2017 Cumulative Update 5

On March 20, 2018, Microsoft released SQL Server 2017 Cumulative Update 5, which is Build 14.0.3023.8. I count 14 hotfixes in the public fix list. It is good to see Microsoft getting back on schedule for their first year CU releases for SQL Server 2017, which are supposed to happen every month.

There are quite a few fixes for performance and the database engine area in this CU. Remember, there are not going to be any Service Packs for SQL Server 2017, so you are going to want to test and deploy SQL Server 2017 Cumulative Updates as they become available.

As always, I think it is a good idea to make an effort to stay current on Cumulative Updates, as does Microsoft.

SQL Server 2017 Cumulative Update 4

On February 20, 2018, Microsoft released SQL Server 2017 Cumulative Update 4, which is Build 14.0.3022.28. I count 55 hotfixes in the public fix list. There is a special T-SQL script in the release notes that you need to run if you are using Query Store and previously ever had SQL Server 2017 CU2 installed (and you were using Query Store on any of your databases at that time). The script will look for any plans that were forced while you were running SQL Server 2017 CU2, and if it finds any, it will unforce them, and then clear them from Query Store.

There are also quite a few updates for Columnstore indexes and for Availability Groups. Remember, there are not going to be any Service Packs for SQL Server 2017, so you are going to want to test and deploy SQL Server 2017 Cumulative Updates as they become available.

As always, I think it is a good idea to make an effort to stay current on Cumulative Updates, as does Microsoft.

Checking Your SQL Server Instance for Spectre/Meltdown Patches

If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list:

  • SQL Server Guidance to protect against speculative execution side-channel vulnerabilities (SQL Server)
  • Windows Server guidance to protect against speculative execution side-channel vulnerabilities (Windows Server)
  • Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities (Windows Client)

The basic guidance is that depending on the environment where you are running SQL Server (on-premises or not, virtualized or not, in a cloud IaaS VM or not) and whether you are using any open extensibility interfaces or not (things like some types of CLR assemblies, some types of linked servers, etc.), you are going to want to strongly consider patching several layers of your system. These may include:

  • Operating System patches
  • Registry changes
  • SQL Server patches
  • BIOS/UEFI updates
  • Possible changes in how/whether you use any open extensibility interfaces in SQL Server

The Microsoft guidance about SQL Server gives some pretty clear scenarios and guidelines for making the decision on what to patch or change.


Checking Your Operating System and Hardware

Once you have decided what to patch, the next issue is checking your patch and update status at all of these different layers of the system. Microsoft has a PowerShell script that lets you check the patch status of your operating system and your processor microcode (for Intel processors).

This Microsoft KB article explains this in more detail and has a link to download the PowerShell Module for operating systems prior to Windows Server 2016.

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

If you want to do a quick and easy check of a client operating system for an end-user (or your Mom) without having to deal with PoSH, you can download and run the InSpectre utility (with an easy GUI) to check the patch status of your operating system and your processor microcode.


Checking SQL Server

Finally, you need to check your SQL Server patch status. I have developed (and had a number of people help test) a T-SQL script that will check your SQL Server instance to see whether you have installed the relevant SQL Server patches or not. This script will work on SQL Server 2008 through SQL Server 2017 for on-premises instances or for Azure IaaS instances. This is not designed to work on Azure SQL Database. You can download it here.

Please let me know if you have any suggestions about this. I also want to thank the people who have tested this script and given me feedback!
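
A minimal build check in the same spirit, added here as an example and not the author's script: it compares the instance's ProductVersion with a minimum build and reports two of the extensibility interfaces mentioned above (CLR and linked servers). @MinimumBuild is a placeholder set to the CU5 build quoted on this page; the page does not list the patched builds, so take the value for your version and servicing branch from Microsoft's SQL Server guidance.

```sql
-- Added example (not the author's script). Works on SQL Server 2008 and later.
-- @MinimumBuild is a placeholder: the CU5 build quoted on this page.
-- Replace it with the minimum patched build Microsoft lists for your version.
SET NOCOUNT ON;

DECLARE @MinimumBuild nvarchar(32) = N'14.0.3023.8';
DECLARE @CurrentBuild nvarchar(32) =
    CONVERT(nvarchar(32), SERVERPROPERTY('ProductVersion'));

-- PARSENAME splits a four-part dotted string (part 4 is the leftmost).
-- Zero-padding each part gives a key that sorts in true version order,
-- so 14.0.3023.8 ranks above 14.0.999.0, unlike a plain string compare.
DECLARE @CurKey nvarchar(24) =
      RIGHT(N'000000' + PARSENAME(@CurrentBuild, 4), 6)
    + RIGHT(N'000000' + PARSENAME(@CurrentBuild, 3), 6)
    + RIGHT(N'000000' + PARSENAME(@CurrentBuild, 2), 6)
    + RIGHT(N'000000' + PARSENAME(@CurrentBuild, 1), 6);
DECLARE @MinKey nvarchar(24) =
      RIGHT(N'000000' + PARSENAME(@MinimumBuild, 4), 6)
    + RIGHT(N'000000' + PARSENAME(@MinimumBuild, 3), 6)
    + RIGHT(N'000000' + PARSENAME(@MinimumBuild, 2), 6)
    + RIGHT(N'000000' + PARSENAME(@MinimumBuild, 1), 6);

SELECT
    SERVERPROPERTY('ProductLevel') AS ProductLevel,
    @CurrentBuild AS CurrentBuild,
    @MinimumBuild AS MinimumBuild,
    CASE
        WHEN @CurKey IS NULL OR @MinKey IS NULL
            THEN 'Could not parse a four-part build number'
        -- Major.minor identifies the product (10.0 is 2008, 10.50 is 2008 R2),
        -- so a minimum build for one product says nothing about another.
        WHEN LEFT(@CurKey, 12) <> LEFT(@MinKey, 12)
            THEN 'Different product version: use the minimum build for this version'
        WHEN @CurKey >= @MinKey
            THEN 'At or above the minimum build'
        ELSE 'Below the minimum build: patch needed'
    END AS BuildStatus;

-- Extensibility interfaces that affect the patching decision.
SELECT
    (SELECT CONVERT(int, value_in_use)
       FROM sys.configurations
      WHERE name = N'clr enabled') AS ClrEnabled,
    (SELECT COUNT(*)
       FROM sys.servers
      WHERE is_linked = 1) AS LinkedServerCount;
```

A non-zero ClrEnabled or LinkedServerCount only shows the feature is in use; whether the particular assemblies or linked servers matter is a judgment to make against the Microsoft guidance.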