THE OFFICIAL BLOG OF THE SBS "DIVA"

For those of you that remember the SBS 2003 beta, you also remember that smack dab in the middle of it we patched that sucker.  For SQL slammer.  One of the big security events of Microsoft was in the middle of the SBS 2003 beta.  And it showcased then how hard it was to patch SQL.  Well we are being reminded of it this week.  SQL, I would argue, only in the post 2003 era has gotten patchable, even in the msde instances we have on SBS, the are a bit 'creaky' to patch.  So if you are having issues patching your SQL instances there are a couple of things (it's my opinion) to keep in mind.

1.  Don't look for special or fixed patches.  If your system is having problems getting patched, it's probably some wierdness on your box.  The idea that somehow a patch installer can see and understand all the wierdness our systems have, is asking too much.

2. IMHO there is not an immediate need to patch this very minute.  These are not 'from remote' security issues.  Consider these security patches like they are service packs and do them AFTER you have backed up your SQL, after you have backed up your server and all the other prep stuff you'd do for a service pack.

3.  We've already seen that people are getting stuck when the sql instance wasn't updated properly.. http://blogs.technet.com/sbs/archive/2008/07/11/cannot-access-company-web-after-installing-948110.aspx, issues where they didn't know the SA password.

4.  I personally have seen where my Shavlik patch tool is trying to install the QFE version of the SQL patches even though I already have the GDR ones installed.

Bottom line, just be aware that SQL patches are messy this month and as someone recently said.... the problem is that we've installed databases all over the place and not trained anyone to be a true database administrator.

Go slow, backup and be prepared.