{"id":1331,"date":"2018-01-18T11:02:13","date_gmt":"2018-01-18T19:02:13","guid":{"rendered":"http:\/\/3.209.169.194\/blogs\/glenn\/?p=1331"},"modified":"2018-01-18T11:05:27","modified_gmt":"2018-01-18T19:05:27","slug":"checking-your-sql-server-instance-for-spectremeltdown-patches","status":"publish","type":"post","link":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/","title":{"rendered":"Checking Your SQL Server Instance for Spectre\/Meltdown Patches"},"content":{"rendered":"<p><font size=\"2\">If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list:<\/font><\/p>\n<blockquote>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073225\/guidance-for-sql-server\"><font size=\"2\">SQL Server Guidance to protect against speculative execution side-channel vulnerabilities<\/font><\/a>&nbsp;<font size=\"2\">(SQL Server)<\/font><\/p>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4072698\/windows-server-guidance-to-protect-against-the-speculative-execution\"><font size=\"2\">Windows Server guidance to protect against speculative execution side-channel vulnerabilities<\/font><\/a><font size=\"2\"> (Windows Server)<\/font><\/p>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\/protect-against-speculative-execution-side-channel-vulnerabilities-in\"><font size=\"2\">Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities<\/font><\/a><font size=\"2\"> (Windows Client)<\/font><\/p>\n<\/blockquote>\n<p><font size=\"2\">The basic guidance is that depending on the environment where you are running SQL Server (on-premises or not, virtualized or not, in a cloud IaaS VM or not) and whether you are using any open extensibility interfaces or not (things like some types of CLR assemblies, some types of linked servers, etc.), you are going to want to strongly consider patching several layers of your system. These may include:<\/font><\/p>\n<ul>\n<li><font size=\"2\">Operating System patches<\/font><\/li>\n<li><font size=\"2\">Registry changes<\/font><\/li>\n<li><font size=\"2\">SQL Server patches<\/font><\/li>\n<li><font size=\"2\">BIOS\/UEFI updates<\/font><\/li>\n<li><font size=\"2\">Possible changes in how\/whether you use<\/font>&nbsp;<font size=\"2\">any open extensibility interfaces<\/font> <font size=\"2\">in SQL Server<\/font><\/li>\n<\/ul>\n<p><font size=\"2\">The <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073225\/guidance-for-sql-server\">Microsoft guidance about SQL Server<\/a> gives some pretty clear scenarios and guidelines for making the decision on what to patch or change. <\/font><\/p>\n<p><font size=\"2\"><br \/><\/font><\/p>\n<p><font size=\"4\"><strong>Checking Your Operating System and Hardware<\/strong><\/font><\/p>\n<p><font size=\"2\">Once you have decided what to patch, the next issue is checking your patch and update status at all of these different layers of the system. Microsoft has a PowerShell script that lets you check the patch status of your operating system and your processor microcode (for Intel processors). <\/font><\/p>\n<p><font size=\"2\">This Microsoft KB article explains this in more detail and has a <\/font><a href=\"https:\/\/aka.ms\/SpeculationControlPS\"><font size=\"2\">link to download<\/font><\/a><font size=\"2\"> the PowerShell Module for operating systems prior to Windows Server 2016.<\/font><\/p>\n<blockquote>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073119\/protect-against-speculative-execution-side-channel-vulnerabilities-in\"><font size=\"2\">Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities<\/font><\/a><\/p>\n<\/blockquote>\n<p><font size=\"2\">If you want to do a quick and easy check of a client operating system for an end-user (or your Mom) without having to deal with PoSH, you can <a href=\"https:\/\/www.grc.com\/files\/InSpectre.exe\">download<\/a> and run the <a href=\"https:\/\/www.grc.com\/inspectre.htm\">InSpectre utility<\/a> (with an easy GUI) to check the patch status of your operating system and your processor microcode.<\/font><\/p>\n<p><font size=\"2\"><br \/><\/font><\/p>\n<p><font size=\"4\"><strong>Checking SQL Server<\/strong><\/font><\/p>\n<p><font size=\"2\">Finally, you need to check your SQL Server patch status. I have developed (and had a number of people help test) a T-SQL script that will check your SQL Server instance to see whether you have installed the relevant SQL Server patches or not. This script will work on SQL Server 2008 through SQL Server 2017 for on-premises instances or for Azure IaaS instances. This is not designed to work on Azure SQL Database. You can <a href=\"https:\/\/www.dropbox.com\/s\/mji3647ysf46g6u\/CheckSpectreMeltdownStatus.sql?dl=0\">download it here<\/a>.<\/font><\/p>\n<p><font size=\"2\">Please let me know if you have any suggestions about this. I also want to thank the people who have tested this script and given me feedback!<\/font><\/p>\n<p><font size=\"2\"><br \/><\/font><\/p>\n<p><font size=\"2\"><br \/><\/font><\/p>\n<p><font size=\"2\"><br \/><\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list: SQL Server Guidance [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,343,29,30,31,156,246,342],"tags":[366,367],"class_list":["post-1331","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-sql-server-2008","category-sql-server-2008-r2","category-sql-server-2012","category-sql-server-2014","category-sql-server-2016","category-sql-server-2017","tag-meltdown","tag-spectre"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry\" \/>\n<meta property=\"og:description\" content=\"If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list: SQL Server Guidance [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/\" \/>\n<meta property=\"og:site_name\" content=\"Glenn Berry\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-18T19:02:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-01-18T19:05:27+00:00\" \/>\n<meta name=\"author\" content=\"Glenn Berry\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Glenn Berry\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/\",\"name\":\"Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry\",\"isPartOf\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/#website\"},\"datePublished\":\"2018-01-18T19:02:13+00:00\",\"dateModified\":\"2018-01-18T19:05:27+00:00\",\"author\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/57a8972435106bac7970692fcf5edfa7\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Checking Your SQL Server Instance for Spectre\/Meltdown Patches\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/#website\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/\",\"name\":\"Glenn Berry\",\"description\":\"Semi-random musings about SQL Server performance\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/57a8972435106bac7970692fcf5edfa7\",\"name\":\"Glenn Berry\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/64bdac8830f25f2f8cc780f8a1286c66ff1182218009271e7a953639596f7e25?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/64bdac8830f25f2f8cc780f8a1286c66ff1182218009271e7a953639596f7e25?s=96&d=mm&r=g\",\"caption\":\"Glenn Berry\"},\"sameAs\":[\"https:\/\/www.sqlskills.com\/blogs\/glenn\/\"],\"url\":\"https:\/\/www.sqlskills.com\/blogs\/glenn\/author\/glenn\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/","og_locale":"en_US","og_type":"article","og_title":"Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry","og_description":"If you are running SQL Server 2008 through SQL Server 2017, you should be thinking about what you should be doing to protect your systems from the Meltdown and Spectre vulnerabilities. Microsoft has a number of KB articles that address this issue from several different perspectives. This is a good starting list: SQL Server Guidance [&hellip;]","og_url":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/","og_site_name":"Glenn Berry","article_published_time":"2018-01-18T19:02:13+00:00","article_modified_time":"2018-01-18T19:05:27+00:00","author":"Glenn Berry","twitter_misc":{"Written by":"Glenn Berry","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/","url":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/","name":"Checking Your SQL Server Instance for Spectre\/Meltdown Patches - Glenn Berry","isPartOf":{"@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/#website"},"datePublished":"2018-01-18T19:02:13+00:00","dateModified":"2018-01-18T19:05:27+00:00","author":{"@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/57a8972435106bac7970692fcf5edfa7"},"breadcrumb":{"@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/checking-your-sql-server-instance-for-spectremeltdown-patches\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sqlskills.com\/blogs\/glenn\/"},{"@type":"ListItem","position":2,"name":"Checking Your SQL Server Instance for Spectre\/Meltdown Patches"}]},{"@type":"WebSite","@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/#website","url":"https:\/\/www.sqlskills.com\/blogs\/glenn\/","name":"Glenn Berry","description":"Semi-random musings about SQL Server performance","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sqlskills.com\/blogs\/glenn\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/57a8972435106bac7970692fcf5edfa7","name":"Glenn Berry","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sqlskills.com\/blogs\/glenn\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/64bdac8830f25f2f8cc780f8a1286c66ff1182218009271e7a953639596f7e25?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/64bdac8830f25f2f8cc780f8a1286c66ff1182218009271e7a953639596f7e25?s=96&d=mm&r=g","caption":"Glenn Berry"},"sameAs":["https:\/\/www.sqlskills.com\/blogs\/glenn\/"],"url":"https:\/\/www.sqlskills.com\/blogs\/glenn\/author\/glenn\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/posts\/1331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/comments?post=1331"}],"version-history":[{"count":0,"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/posts\/1331\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/media?parent=1331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/categories?post=1331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/glenn\/wp-json\/wp\/v2\/tags?post=1331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}