MaheshKS
Copper Contributor
Jan 25, 2024

Need help to figure out the solution for a recent vulnerability report on my DB host server.

Dear Experts,

During recent scans, the below vulnerability was reported on my Stage database server. This is my current DB version: Microsoft SQL Server 2019 (RTM-CU23) (KB5030333) - 15.0.4335.1 (X64).

This scan item keeps coming up on every scan and we need a proper solution to fix it. We have applied the patch KB5030333 but the issue was still reported. We are planning to apply the Jan 2024 SQL DB patch, but I'm not confident whether the patch will fix this scan item or not, as this scan item has been coming up from July 2023 onwards, and after that we have applied the JNS and OND patches as well. But again in the Jan scans this item came in.

I need your expertise to understand the real cause of this scan item and how to fix it.

Note: I'm very new to SQL DB and started learning in the last 4-5 months.

Vulnerability Title: Microsoft SQL Server Obsolete Version: Remote

Vulnerability Description: An obsolete version of the Microsoft SQL database server is running. Note: When the support period ends for a Microsoft SQL Server product, no further patches will be provided even for serious security problems.

Vulnerability Proof:

* Running TDS service
* Product SQL Server 2008 found in fingerprint is not SQL Server 2000
* Product SQL Server 2008 found in fingerprint is not SQL Server 2005
* Product SQL Server 2008 exists -- Microsoft SQL Server 2008 10.0.2531

Vulnerability Solution:

Upgrade to the latest version of Microsoft SQL Server

Download and apply the upgrade from: http://technet.microsoft.com/sqlserver

    • MaheshKS
      Copper Contributor
      Thanks Olafhelper for your time and response to my query.

      This report was generated by my internal scan team using a scan tool. Based on the scan report, we will fix the reported item either by applying the patch or by making config changes as per the policy.

      May I know what the TDS service mentioned in the scan report is?

      Also, I download the SQL Server patches from https://catalog.update.microsoft.com/Search.aspx?q=SQL%20Server%202019%20. Can you please look and confirm this is the right site from which to download the MS patches?
      • olafhelper
        Bronze Contributor

        "May I know what is the TDS service mentioned in scan report."

        MaheshKS, already this little point shows that the report isn't the smartest one.

        TDS = "Tabular Data Stream"; it's a communication protocol, not a service.

        Tabular Data Stream - Wikipedia


  • The version you are reporting here is fully supported, so I'll suggest you check whether there is another instance running on the same server (maybe the service is stopped) and/or another old SQL component.
    • MaheshKS
      Copper Contributor
      Thanks Javier for your time and response to my query.

      Thanks Olafhelper for your time and response to my query.

      There is no other DB instance running on this server. We even have this reported scan item in Prod as well, and the Scan team is requesting us to fix it ASAP.

      May I know what TDS actually is and what the problem is, and how to fix this reported scan item? Any guidance on this will be really appreciated.

      Also, I download the SQL Server patches from https://catalog.update.microsoft.com/Search.aspx?q=SQL%20Server%202019%20. Can you please look and confirm this is the right site from which to download the MS patches?
  • EmadAl-Mousa
    Copper Contributor
    Hi,

    Do you have SQL Server 2008 installed on the same server/machine?

    In Windows, go to "Control Panel", then to "Programs", then to "Uninstall a Program" and check your list of installed software. Do you have SQL Server 2008 installed?

    Another way is to search in Windows for SQL Server Configuration Manager.

    Regards
    Emad

    • MaheshKS
      Copper Contributor

      Hi EmadAl-Mousa,

      Thanks for your time and reply.

      Below is the list of software installed on my DB server, which I pulled using the below command, for your reference. I can't see any SQL Server 2008 software installed.

      Command - Get-WmiObject -Class Win32_Product | select Name, Version


      Name                                               Version
      ---------------------------------------------------
      SQL Server 2019 Distributed Replay 15.0.2000.5
      SQL Server 2019 Data quality client 15.0.2000.5
      Microsoft SQL Server 2019 T-SQL Language Service 15.0.2000.5
      SQL Server 2019 Data quality service 15.0.2000.5
      SQL Server 2019 Client Tools Extensions 15.0.2000.5
      SQL Server 2019 XEvent 15.0.2000.5
      SQL Server 2019 Connection Info 15.0.2000.5
      SQL Server 2019 DMF 15.0.2000.5
      Microsoft OLE DB Driver for SQL Server 18.6.7.0
      SQL Server 2019 Client Tools 15.0.2000.5
      Microsoft SQL Server 2019 Setup (English) 15.0.4345.5
      SQL Server 2019 SQL Data Quality Common 15.0.2000.5
      Microsoft VSS Writer for SQL Server 2019 15.0.2000.5
      SQL Server 2019 Client Tools Extensions 15.0.2000.5
      SQL Server 2019 Data quality client 15.0.2000.5
      SQL Server 2019 Connection Info 15.0.2000.5
      SQL Server 2019 Client Tools 15.0.2000.5
      Microsoft ODBC Driver 17 for SQL Server 17.10.5.1
      SQL Server 2019 Integration Services Worker Agent 15.0.2000.5
      SQL Server 2019 Database Engine Shared 15.0.2000.5
      Browser for SQL Server 2019 15.0.2000.5
      Microsoft SQL Server 2012 Native Client 11.4.7462.6
      SQL Server 2019 DMF 15.0.2000.5
      SQL Server 2019 Shared Management Objects Extensions 15.0.2000.5
      SQL Server 2019 SQL Diagnostics 15.0.2000.5
      SQL Server Management Studio for Analysis Services 15.0.18338.0
      SQL Server 2019 Master Data Services 15.0.4345.5
      SQL Server 2019 Shared Management Objects 15.0.2000.5
      SQL Server 2019 Common Files 15.0.2000.5
      SQL Server 2019 SQL Polybase 15.0.2000.5
      SQL Server 2019 Distributed Replay 15.0.2000.5
      SQL Server Management Studio 15.0.18338.0
      SQL Server 2019 Shared Management Objects Extensions 15.0.2000.5
      SQL Server 2019 Master Data Services 15.0.4345.5
      SQL Server 2019 Batch Parser 15.0.2000.5
      SQL Server 2019 Integration Services Master Service 15.0.2000.5
      Microsoft SQL Server 2019 RsFx Driver 15.0.4345.5
      SQL Server 2019 Shared Management Objects 15.0.2000.5
      SQL Server 2019 Full text search 15.0.2000.5
      SQL Server 2019 Data quality service 15.0.2000.5
      SQL Server 2019 Database Engine Services 15.0.2000.5
      SQL Server 2019 Integration Services 15.0.2000.5
      SQL Server 2019 Database Engine Shared 15.0.2000.5
      SQL Server 2019 Integration Services 15.0.2000.5
      SQL Server 2019 Common Files 15.0.2000.5
      SQL Server 2019 Integration Services Worker Agent 15.0.2000.5
      SQL Server 2019 XEvent 15.0.2000.5
      SQL Server 2019 Database Engine Services 15.0.2000.5
      SQL Server 2019 Distributed Replay 15.0.2000.5
      SQL Server 2019 Distributed Replay 15.0.2000.5
      SQL Server 2019 Integration Services Master Service 15.0.2000.5
      SQL Server Management Studio for Reporting Services 15.0.18338.0
      SQL Server Management Studio 15.0.18338.0

      Mahesh

      • I see you have SQL Server Management Studio 15 installed, and SSRS 15.
        You should consider uninstalling SSMS 15 and installing the latest 19: aka.ms/SSMS
        Also download the latest SSRS for version 15 and upgrade the one you have.

        Regards
        Javier
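
An added example, not part of any poster's reply and not Microsoft's code, of the check suggested in the replies above: list every Database Engine service on the host (including stopped ones), the instances registered in the registry with their patch level, and the TCP ports owned by sqlservr.exe, so the result can be compared with the version shown in the scanner's proof. It assumes an elevated Windows PowerShell session on the database server and the standard SQL Server registry layout.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the DB server.
# 1. Every Database Engine service (default and named instances), stopped ones too.
$engines = Get-CimInstance -ClassName Win32_Service -Filter "PathName LIKE '%sqlservr.exe%'" |
    ForEach-Object {
        # PathName looks like: "C:\...\Binn\sqlservr.exe" -sMSSQLSERVER
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' -s')[0] }
        $ver = 'binary not found'
        if (Test-Path -LiteralPath $exe) { $ver = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion }
        [pscustomobject]@{
            Service = $_.Name; State = $_.State; StartMode = $_.StartMode
            BinaryVersion = $ver; Path = $exe
        }
    }

# 2. Instances registered in the registry (64-bit and 32-bit views) with patch level.
$roots = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Microsoft SQL Server'
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$registered = foreach ($root in $roots) {
    $names = Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction SilentlyContinue
    if (-not $names) { continue }
    foreach ($p in ($names.PSObject.Properties | Where-Object Name -NotIn $psProps)) {
        # $p.Name is the instance name, $p.Value the instance ID (e.g. MSSQL15.MSSQLSERVER)
        $setup = Get-ItemProperty -Path "$root\$($p.Value)\Setup" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Instance = $p.Name; InstanceId = $p.Value
            Version = $setup.Version; PatchLevel = $setup.PatchLevel; Edition = $setup.Edition
        }
    }
}

# 3. TCP ports on which any sqlservr.exe process is listening.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        if ($proc.ProcessName -eq 'sqlservr') {
            [pscustomobject]@{ Port = $_.LocalPort; Address = $_.LocalAddress
                               ProcessId = $proc.Id; Path = $proc.Path }
        }
    }

$engines    | Format-Table -AutoSize
$registered | Format-Table -AutoSize
$listeners  | Sort-Object Port -Unique | Format-Table -AutoSize
```

A stopped service, a second registered instance, or a listener whose binary version does not start with 15.0 is the kind of leftover component the replies suggest looking for.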
