
The latest security patches should be installed.


Overview

Finding ID: V-5659
Version: DG0003-SQLServer9
Rule ID: SV-24117r2_rule
IA Controls: VIVM-1
Severity: Medium
Description
Maintaining the currency of the software version protects the database from known vulnerabilities.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-19492r2_chk)
From the query prompt:

SELECT CONVERT(CHAR(13), SERVERPROPERTY('ProductVersion'))

The result is in the format major.minor.build.

From the query prompt:

SELECT CONVERT(CHAR(3), SERVERPROPERTY('ProductLevel'))

Where value:

RTM = Original release version (no service packs installed)
SPn = Service Pack Level

Note: HOTFIXes are generated and applied to specific Service Packs and are reflected in the Product Version build segment as an incremental version.

Product Release | Service Pack | Product Version
SQL Server 9 (2005) | SP3 | 9.00.4230

For any product listed above, if the Product Version is the same or numerically higher than what is listed above, this is Not a Finding. If the Product Version is numerically lower, this is a Finding.
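
The numeric comparison this check calls for, as an added T-SQL example that is not part of the STIG text: it splits each version into segments and compares them as integers, because a plain string comparison misorders builds with different digit counts. The sample version strings marked constructed, the table variable and the column names are assumptions for illustration; the syntax is kept to what SQL Server 2005 accepts.

```sql
-- Added example, not part of the STIG text.
-- Baseline taken from the table above, padded to four parts for PARSENAME.
DECLARE @baseline VARCHAR(32);
SET @baseline = '9.00.4230.0';

-- Versions to evaluate: the live instance plus constructed samples.
DECLARE @v TABLE (origin VARCHAR(20), product_version VARCHAR(32));
INSERT INTO @v (origin, product_version)
SELECT 'this instance', CONVERT(VARCHAR(32), SERVERPROPERTY('ProductVersion'))
UNION ALL SELECT 'constructed', '9.00.4035.00'
UNION ALL SELECT 'constructed', '9.00.4230.00'
UNION ALL SELECT 'constructed', '9.00.10000.00';

-- PARSENAME addresses parts from the right, so pad a three-part
-- major.minor.build string to four parts before splitting it.
UPDATE @v
SET product_version = product_version + '.0'
WHERE LEN(product_version) - LEN(REPLACE(product_version, '.', '')) = 2;

-- Build one sortable integer per version: major, minor, build.
SELECT s.origin,
       s.product_version,
       CASE WHEN s.ver_key >= b.ver_key
            THEN 'Not a Finding' ELSE 'Finding' END AS numeric_result,
       -- Shown only for contrast: comparing the raw strings is unreliable.
       CASE WHEN s.product_version >= @baseline
            THEN 'Not a Finding' ELSE 'Finding' END AS string_compare
FROM (SELECT origin,
             product_version,
             CAST(PARSENAME(product_version, 4) AS BIGINT) * 100000000
           + CAST(PARSENAME(product_version, 3) AS BIGINT) * 1000000
           + CAST(PARSENAME(product_version, 2) AS BIGINT) AS ver_key
      FROM @v) AS s
CROSS JOIN
     (SELECT CAST(PARSENAME(@baseline, 4) AS BIGINT) * 100000000
           + CAST(PARSENAME(@baseline, 3) AS BIGINT) * 1000000
           + CAST(PARSENAME(@baseline, 2) AS BIGINT) AS ver_key) AS b;
```

Rows where numeric_result and string_compare disagree are the cases a string comparison would get wrong; record numeric_result for the check.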

Note: If any update has been released that is deemed by Microsoft to be a critical update, this check should be assigned a Severity Category of I.

Supported versions and Service Packs are listed on the Microsoft web sites:

http://support.microsoft.com/gp/lifeselectserv
http://support.microsoft.com/kb/321185/en-us (lists version numbers)

Fix Text (F-19563r1_fix)
Upgrade to the latest SQL Server Service Pack. Apply all applicable Microsoft SQL Server critical updates and HOTFIXes.