Simon's SQL

SQL,DBA,tuning,Trouble Shooting,Performance

Posts Tagged ‘Meltdown’

Meltdown and Spectre update for SQL 2012 and SQL 2014

Posted by Simon Cho on 01/18/2018

Finally, MS release new service pack update for SQL 2012 and SQL 2014.

Please follow the below link for guidance for SQL server.

All official links keep updating in the same article.

SQL Server – https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Windows Server – https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

Here is the recent update for SQL 2012 and SQL 2014.

4057117 Description of the security update for SQL Server 2014 SP2 CU: January 16, 2018
4057120 Description of the security update for SQL Server 2014 SP2 GDR: January 16, 2018
4057116 Description of the security update for SQL Server 2012 SP4 GDR: January 12, 2018 

 

Here are all supported versions’ link.

SQL Server 2017 GDR
SQL Server 2016 SP1 CU7*
SQL Server 2016 SP1 GDR
SQL Server 2016 RTM CU
SQL Server 2016 RTM GDR 
SQL Server 2008 SP4
SQL Server 2008 R2 SP3
SQL Server 2012 SP4 GDR
SQL Server 2012 SP3 CU
SQL Server 2012 SP3 GDR
SQL Server 2014 SP2 CU*
SQL Server 2014 SP2 GDR 

Advertisements

Posted in Common | Tagged: , , , , | Leave a Comment »

Meltdown and Spectre

Posted by Simon Cho on 01/10/2018

<Google Prject Zero>

It started from “Google Project Zero”.

https://googleprojectzero.blogspot.com/

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01.

 

Here is the guide line for SQL Server and Windows Server.

SQL Server – https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Windows Server – https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

SQL Server Patch available for below version.

SQL 2012 and SQL 2014 should release soon.

SQL Server 2017 CU3*
SQL Server 2017 GDR
SQL Server 2016 SP1 CU7*
SQL Server 2016 SP1 GDR
SQL Server 2016 RTM CU
SQL Server 2016 RTM GDR
SQL Server 2008 SP4 (This is new version of SP4. Version number is slightly different.)
SQL Server 2008 R2 SP3(This is new version of SP3. Version number is slightly different.)

It seems like not that many articles reported SQL 2008 SP4 and SQL Server 2008 R2 SP3 with this patch.

 

<Here is the related blogs and articles>

https://www.brentozar.com/archive/2018/01/sql-server-patches-meltdown-spectre-attacks/

https://www.sqlskills.com/blogs/glenn/microsoft-sql-server-updates-for-meltdown-and-spectre-exploits/

 

Perfermance

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

 

ploited Vulnerability CVE Exploit
Name
Public Vulnerability Name Windows Changes Silicon Microcode Update ALSO Required on Host
Spectre 2017-5753 Variant 1 Bounds Check Bypass Compiler change; recompiled binaries now part of Windows Updates

Edge & IE11 hardened to prevent exploit from JavaScript

No
Spectre 2017-5715 Variant 2 Branch Target Injection Calling new CPU instructions to eliminate branch speculation in risky situations Yes
Meltdown 2017-5754 Variant 3 Rogue Data Cache Load Isolate kernel and user mode page tables No

In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

 

Posted in Common | Tagged: , , , | Leave a Comment »