asked
MS14-044 Vulnerability Still coming after Applying SQL Server 2008 R2 SP3
Hello , We have update one of our server with SQL Server 2008 SP4. Our information Security team infomed us that SQL Vulnerability MS14-044 has been detected. I have checked and found this Vulnerability is for SP3 version, it has been fixed by applying QFE(2977319) or GDR (2977320). It also said if we update the system with latest service pack SP, this Vulnerability will be removed. Please let me know even after applying the SP4 why this Vulnerability is coming. Thanks & Regards Basit K
This vulnerability is specifically listed as one of the two items fixed by SP3 -
http://support.microsoft.com/kb/2979597 Is there any chance that you have another instance on the machine? What is returned by `SELECT @@Version` ?
OK, there seems to be a lot of confusion over what version of SQL Server you are running. Your question title says SQL Server 2008 R2, in the question itself you say SQL Server 2008 and you declare that the results of @@VERSION is 9.00.5000 which is SQL Server 2005. If you have 2005 sp4 (ie 9.00.5000.00) then it is in extended support and wont have any further service packs provided. It is however listed as a non-affected version on
https://technet.microsoft.com/en-us/library/security/ms14-044.aspx. You can reference which version is which at
http://support.microsoft.com/kb/321185.
15 People are following this question.
