• Patch Lady – SQL patching in August

    For the folks with SQL server and in particular SQL 2014:  I’ve seen this come up a bit in forums and other venues:


    In that post it implies that other versions of SQL besides 2016 and 2017 are vulnerable.

    The way I read it and understand the situation it’s only SQL 2016 and 2017 that are vulnerable.  If you have SQL 2014 SP2 which is supported until 2024 and still in mainstream support – it’s not vulnerable.

    Just because newer stuff is newer doesn’t mean older stuff is vulnerable too.

    The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected.

    Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

    That second statement is totally not true.  SQL 2014 sp2 is very much supported.

    In fact as you can see from the link below it’s supported until 2024 for security updates (Extended support is the final date of support for security patches)


    And definitely mainstream until 2019 (which means it not only gets security updates but general fixes as well.

    Apologies to the MSRC folks but I rate this on the Pinocchio scale for this portal entry as Not Transparent enough and thusly confusing.