Need help to figure the solution for recent vulnerabilities report in my DB host server.

Copper Contributor

Dear Experts,

 

During recent scans, below vulnerability was reported in my Stage database server, this is my current DB version Microsoft SQL Server 2019 (RTM-CU23) (KB5030333) - 15.0.4335.1 (X64).

 

This scan item we keep coming on every scan item and need to a proper solution to fix. we have applied the patch- KB5030333 but still issue was reported. Even though planning to apply the Jan 2024 patch SQL db patch but i'm not confident if the patch will fix this scan or not as this scan item is coming from 2023 July onwards and after that we have applied JNS and OND patches as well. but again in jan scans this item came in.

 

Need your expertise to understand the real cause of this scan and how to fix the same.

 

Note: I'm very new to SQL DB and started learning from last 4-5 months.

 

Vulnerability Title

Vulnerability Description

Vulnerability Proof

Vulnerability Solution

Microsoft SQL Server Obsolete Version: Remote

An obsolete version of the Microsoft SQL database server is running. Note: When the support period ends for a Microsoft SQL Server product, no further patches will be provided even for serious security problems.

* Running TDS service

* Product SQL Server 2008 found in fingerprint is not SQL Server 2000

* Product SQL Server 2008 found in fingerprint is not SQL Server 2005

* Product SQL Server 2008 exists -- Microsoft SQL Server 2008 10.0.2531

Upgrade to the latest version of Microsoft SQL Server

Download and apply the upgrade from:  http://technet.microsoft.com/sqlserver

12 Replies

 


this is my current DB version Microsoft SQL Server 2019 (RTM-CU23) (KB5030333) - 15.0.4335.1 (X64).

@MaheshKS 

 Where is that report from?

I don't understand what it's like to tell use. For me the report is a bit confusing.

But your patch level RTM-CU23 is fine, see 

Microsoft SQL Server Versions List (sqlserverbuilds.blogspot.com)

The version you are reporting here is fully supported so I’ll suggest you to check if there is another instance running on the same server (maybe service is stopped) and/or another old sql component
Thanks Olafhelper for your time and response on my query.

This report was generated by my internal scan team by using SCAN tool, based on the scan report we will fix the reported item either by applying the patch or any config changes as per the policy.

May I know what is the TDS service mentioned in scan report.

Also I downloads the SQL servers patches from https://catalog.update.microsoft.com/Search.aspx?q=SQL%20Server%202019%20, can you please look and confirm this is right site where to download the MS patches.
Thanks Javier for your time and response on my query.

Thanks Olafhelper for your time and response on my query.

There is no other DB Instance running on this server, even we this reported scan item in Prod as well and Scan team requesting us to fix ASAP.

May I know what is the actual TDS is and what is problem, how to fix this reported scan, any guidance on this will be really appreciate.

Also I downloads the SQL servers patches from https://catalog.update.microsoft.com/Search.aspx?q=SQL%20Server%202019%20, can you please look and confirm this is right site where to download the MS patches.

 

May I know what is the TDS service mentioned in scan report.

@MaheshKS , already this little point shows, that the report isn't the smartest one.

TDS = "Tablular Data Stream", it's a communication protocoll; not a service

Tabular Data Stream - Wikipedia

 

Thanks for your response olafhelper.

Is there any way of disabling the TDS without impacting the current Setup or its mandate to have for DB. (pardon me for dumb question but wanted to get clarified).

Also in my scan report, some old version SQL version fingerprint is found, how to figure from where they found that and how to fix it?

 


@MaheshKS wrote:
Is there any way of disabling the TDS without impacting the current Setup

Have your read my previous post? TDS is the communication protocoll, and if you could disable it, you can throw your SQL Server away: Unuseable.

how to figure from where they found that and how to fix it?

The report don't mention any detail and we can't guess them.

 

That all don't make my sense.

This kind of report/tool is in the way: You paid for it, so if generate an output, doesn't matter if it's meanfull.

 

 

 

Hi,

Do you have SQL Server 2008 installed on the same server/machine ?

In windows go to "Control Panel" then to "Programs" then to "Uninstall a Program" ...check your list of installed software...do you SQL Server 2008 installed ?

Another way search in windows for SQL Server Configuration Manager

Regards
Emad

Hi @EmadAl-Mousa ,

 

Thanks for your time and reply.

Below are list of software's installed on my DB server which pulled using below command for your reference, I can't see any 2008 SQL software installed.

 

Command - Get-WmiObject -Class Win32_Product | select Name, Version

 

Name                                               Version
---------------------------------------------------
SQL Server 2019 Distributed Replay 15.0.2000.5
SQL Server 2019 Data quality client 15.0.2000.5
Microsoft SQL Server 2019 T-SQL Language Service 15.0.2000.5
SQL Server 2019 Data quality service 15.0.2000.5
SQL Server 2019 Client Tools Extensions 15.0.2000.5
SQL Server 2019 XEvent 15.0.2000.5
SQL Server 2019 Connection Info 15.0.2000.5
SQL Server 2019 DMF 15.0.2000.5
Microsoft OLE DB Driver for SQL Server 18.6.7.0
SQL Server 2019 Client Tools 15.0.2000.5
Microsoft SQL Server 2019 Setup (English) 15.0.4345.5
SQL Server 2019 SQL Data Quality Common 15.0.2000.5
Microsoft VSS Writer for SQL Server 2019 15.0.2000.5
SQL Server 2019 Client Tools Extensions 15.0.2000.5
SQL Server 2019 Data quality client 15.0.2000.5
SQL Server 2019 Connection Info 15.0.2000.5
SQL Server 2019 Client Tools 15.0.2000.5
Microsoft ODBC Driver 17 for SQL Server 17.10.5.1
SQL Server 2019 Integration Services Worker Agent 15.0.2000.5
SQL Server 2019 Database Engine Shared 15.0.2000.5
Browser for SQL Server 2019 15.0.2000.5
Microsoft SQL Server 2012 Native Client 11.4.7462.6
SQL Server 2019 DMF 15.0.2000.5
SQL Server 2019 Shared Management Objects Extensions 15.0.2000.5
SQL Server 2019 SQL Diagnostics 15.0.2000.5
SQL Server Management Studio for Analysis Services 15.0.18338.0
SQL Server 2019 Master Data Services 15.0.4345.5
SQL Server 2019 Shared Management Objects 15.0.2000.5
SQL Server 2019 Common Files 15.0.2000.5
SQL Server 2019 SQL Polybase 15.0.2000.5
SQL Server 2019 Distributed Replay 15.0.2000.5
SQL Server Management Studio 15.0.18338.0
SQL Server 2019 Shared Management Objects Extensions 15.0.2000.5
SQL Server 2019 Master Data Services 15.0.4345.5
SQL Server 2019 Batch Parser 15.0.2000.5
SQL Server 2019 Integration Services Master Service 15.0.2000.5
Microsoft SQL Server 2019 RsFx Driver 15.0.4345.5
SQL Server 2019 Shared Management Objects 15.0.2000.5
SQL Server 2019 Full text search 15.0.2000.5
SQL Server 2019 Data quality service 15.0.2000.5
SQL Server 2019 Database Engine Services 15.0.2000.5
SQL Server 2019 Integration Services 15.0.2000.5
SQL Server 2019 Database Engine Shared 15.0.2000.5
SQL Server 2019 Integration Services 15.0.2000.5
SQL Server 2019 Common Files 15.0.2000.5
SQL Server 2019 Integration Services Worker Agent 15.0.2000.5
SQL Server 2019 XEvent 15.0.2000.5
SQL Server 2019 Database Engine Services 15.0.2000.5
SQL Server 2019 Distributed Replay 15.0.2000.5
SQL Server 2019 Distributed Replay 15.0.2000.5
SQL Server 2019 Integration Services Master Service 15.0.2000.5
SQL Server Management Studio for Reporting Services 15.0.18338.0
SQL Server Management Studio 15.0.18338.0

 

Mahesh

I see you have SQL Server Management Studio 15 installed. and SSRS 15.
you should consider uninstalling SSMS 15 and install the latest 19 aka.ms/SSMS
Also download the latest SSRS for version 15 and upgrade the one you have

Regards
Javier

Hi @Javier_Villegas,

 

Thanks for your reply and time.

 

If version is the cause of the problem, We have two DB nodes in Production Node1 and Node2, where are the Scan team is saying vulnerability is with Node1 server not from node2 server.

 

We have recently moved to Cloud from On Prem, the same software were used in On-prem servers and we haven't got this type of vulnerability before.

 

Mahesh