Skip to content

SQL Server Security Patch – June 2011

Microsoft has recently released an important security path to fix the XML editor vulnerability (As per Microsoft Security Bulletin MS11-049). Infected software includes SQL Server 2005, 2008 and 2008 R2 also.

For SQL Server there are GDR software updates and QFE software updates.

How to determine, which patch to apply?

If you are running SQL Server 2005

SQL Server Version Range and update to apply

9.00.4035 – 9.00.4059                 SQL Server 2005 Service Pack 3 GDR (KB2494113)

9.00.4205 – 9.00.4339                 SQL Server 2005 Service Pack 3 QFE (KB2494112)

9.00.5000 – 9.00.5056                 SQL Server 2005 Service Pack 4 GDR (KB2494120)

9.00.5254 – 9.00.5291                 SQL Server 2005 Service Pack 4 QFE (KB2494123)

If you are running SQL Server 2008

SQL Server Version Range and update to apply

10.00.2531-10.00.2572               SQL Server 2008 Service Pack 1 GDR (KB2494096)

10.00.2710-10.00.2840              SQL Server 2008 Service Pack 1 QFE (KB2494100)

10.00.4000-10.00.4063              SQL Server 2008 Service Pack 2 GDR (KB2494089)

10.00.4260-10.00.4310              SQL Server 2008 Service Pack 2 QFE (KB2494094)

If you are running SQL Server 2008 R2

SQL Server Version Range and update to apply

10.50.1601.1-10.50.1616           SQL Server 2008 R2 GDR (KB2494088)

10.50.1701-10.50.1789                SQL Server 2008 R2 QFE (KB2494086)

 

As per Microsoft website, if you are running any other version of SQL Server then you are on unsupported version and you need to upgrade to any of the above version in order to apply this security patch.

Full details and Source: – http://www.microsoft.com/technet/security/bulletin/MS11-049.mspx

Although applying this security path is quite easy but in next few articles I will guide you through this process for following: –

1)     Applying GDR update on SQL Server 2005 SP3

2)     Applying GDR update on SQL Server 2008 SP1

3)     Applying QFE update on SQL Server 2008 R2