Forum Discussion
Unpatched known vulnerabilities SQL Server 2019 GDR
- Sep 03, 2024
Hello
I suggest you apply SQL 2019 CU 28 (15.0.4385.2 - August 2024), which includes the latest GDR released (15.0.4382.1 - July 2024)
https://learn.microsoft.com/en-us/troubleshoot/sql/releases/sqlserver-2019/cumulativeupdate28
> I suggest you apply SQL 2019 CU 28 (15.0.4385.2 - August 2024), which includes the latest GDR released (15.0.4382.1 - July 2024)
> https://learn.microsoft.com/en-us/troubleshoot/sql/releases/sqlserver-2019/cumulativeupdate28
Why would installing KB5039747 make a difference for this particular security issue?
I understand that GDR-updates should contain all security related fixes. Where can I find that installing this patch will resolve this?
Also, the CVEs I mentioned are very old already, which makes me doubt this:
CVE-2015-6420 ---> published 2015-12-15
CVE-2017-15708 --> published 2017-12-11
I'm asking this, because I don't want to take any risks with this SQL Server installation since it's being used for quite an old application at the time and the software is being maintained by a software supplier who, given our experience with them, aren't going to resolve potential issues quickly.
My goal is merely to resolve these vulnerabilities without taking too many risks.
- kniper2185, Sep 10, 2024, Copper Contributor
So I took the effort to install this SQL Server 2019 in a test VM-environment and I did apply KB5039747 (version 15.0.4385.2) and indeed the commons-collections-3.2.1.jar is updated to commons-collections-3.2.2.jar
The date of this file is the 25th of July 2024, so pretty recent. Can I assume this fix will be applied in the next https://learn.microsoft.com/nl-nl/troubleshoot/sql/releases/sqlserver-2019/build-versions#sql-server-2019-gdr-builds through Windows Update?
- kniper2185, Sep 14, 2024, Copper Contributor
Unfortunately installing https://support.microsoft.com/en-us/topic/kb5042214-description-of-the-security-update-for-sql-server-2019-gdr-september-10-2024-a178ef94-4df8-452f-a1b8-f70d7ab7745f didn't update the commons-collections-3.2.1.jar-files in
- C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Extensions\Common\Jars
- C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars
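
One way to repeat the check from the posts above after each update, as an added example that is not part of the thread: this PowerShell script lists the commons-collections jars in the two DTS folders and flags versions below 3.2.2. The function name `Get-CommonsCollectionsJar` and the status labels are hypothetical, and 3.2.2 is assumed to be the updated version because that is what the test install in the thread showed.

```powershell
# Added example (not from the thread): inventory commons-collections jars in the
# SQL Server 2019 DTS extension folders named above and flag outdated copies.
$roots = @(
    'C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Extensions\Common\Jars',
    'C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars'
)

function Get-CommonsCollectionsJar {   # hypothetical helper name
    param(
        [string[]]$Path,
        # Assumption: 3.2.2 is the updated build, as seen after KB5039747 in the thread.
        [version]$FixedVersion = '3.2.2'
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            # Report missing folders explicitly so "no findings" is not misread.
            [pscustomobject]@{ Status = 'FolderMissing'; Version = $null
                               Modified = $null; SHA256 = $null; File = $root }
            continue
        }
        Get-ChildItem -LiteralPath $root -Filter 'commons-collections*.jar' -File -Recurse |
            ForEach-Object {
                $version = $null
                $status  = 'UnknownVersion'   # name does not follow <name>-<x.y.z>.jar
                if ($_.Name -match '^commons-collections-(\d+(\.\d+){1,3})\.jar$') {
                    $version = [version]$Matches[1]
                    $status  = if ($version -lt $FixedVersion) { 'Outdated' } else { 'Updated' }
                }
                [pscustomobject]@{
                    Status   = $status
                    Version  = $version
                    Modified = $_.LastWriteTime   # the thread used the file date as a clue
                    SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    File     = $_.FullName
                }
            }
    }
}

$report = @(Get-CommonsCollectionsJar -Path $roots)
$report | Format-List

# Non-zero exit code lets a scheduled task or patch-validation job alert on stale jars.
if ($report.Status -contains 'Outdated') { exit 1 }
```

Running it before and after an update on a test VM shows whether that update replaced the jar, and the hash gives a stable value to compare between machines.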