Spectre and Meltdown - Is SQL Affected?

January 15, 2018

Sql Blog

What is Spectre/Meltdown?

Two separate hardware-based exploits have been made public that affect all modern CPU chips, including Intel, AMD and ARM, and operating systems. It is difficult to understate the impact.

This flaw allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server, which could include passwords, SSL keys, etc.

The “Meltdown” flaw is isolated to Intel and has vast potential to malignant actors, while the “Spectre” flaw affects all processors and is more difficult to exploit.

For now patches will be issued, but in the future, hardware design changes will eliminate these in future CPU releases.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

How do I protect my systems?

Emergency patches have been or will be released by Microsoft and you will need to apply them to all servers. Hypervisors will also need to be patched. SQL Servers will also need to be patched. Application changes may also be recommended.

How does this affect my Azure SQL Database (PaaS)?

Patches have already been applied by Microsoft.

How does this affect my SQL Server instance?

Aside from hypervisor and OS patches, SQL Server patches will be made available. At this moment, only patches for SQL 2016 and 2017 are available and should be applied as soon as possible.

Additionally, Microsoft is reiterating some code recommendations as an additional step for applications that run on the same Windows Server as a SQL Server instance.

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

We can help…

Our SQL and database consultants can help your team navigate these security issues. Contact us: http://www.sparkhound.com/contact

Information and material in our blog posts are provided "as is" with no warranties either expressed or implied. Each post is an individual expression of our Sparkies. Should you identify any such content that is harmful, malicious, sensitive or unnecessary, please contact marketing@sparkhound.com.

Meet Sparkhound

Review our capabilities and services, meet the leadership team, see our valued partnerships, and read about the hardware we've earned.

Engage with us

Get in touch with any of our offices, or check out our open career positions and consider joining Sparkhound's dynamic team.