SQLServerUpdates.com
  • Home – Most Recent Updates
    • SQL Server 2019 Updates
    • SQL Server 2017 Updates
    • SQL Server 2016 Updates
    • SQL Server 2014 Updates
    • SQL Server 2012 Updates
    • SQL Server 2008 R2 Updates
    • SQL Server 2008 Updates
  • Download SQL Server
  • Subscribe to Updates
  • Contact Us
    • Frequently Asked Questions

Announcing SQL 2017 CU3, 2016 SP1 CU7 with Meltdown/Spectre Attack Mitigations

5 years ago
Brent Ozar
Updates
6 Comments

The Meltdown and Spectre attacks are newly announced ways of hacking CPUs, and they’re causing all kinds of urgent patches this week in operating systems, hypervisors, and apps.

  • SQL Server 2017 CU3
  • SQL Server 2016 SP1 CU7

Go get ’em, tiger.

Other improvements & fixes include some really awesome stuff!

  • New MAXDOP hint for stats updates
  • New spills columns in DMVs to diagnose TempDB spills
  • CXPACKET shows up in execution plans
  • Plans show the list of stats used during query optimization
  • Stats on partitioned tables not automatically updating, which includes a new trace flag 11024
  • Memory leak during Hekaton backups
  • Deadlocks on parallel queries of clustered columnstore indexes
  • Long query compile times if you cast a string to XML
Brent Ozarhttp://sqlserverupdates.com
I make Microsoft SQL Server faster and more reliable. I love teaching, travel, and laughing.
Previous Post
SQL Server 2014 SP2 Cumulative Update 9 Released
Next Post
Announcing SQL Server 2016 SP1 CU8, 2014 SP2 CU11

6 Comments. Leave new

  • M
    January 4, 2018 3:30 pm

    Are you saying there are mitigations for Meltdown and Spectre inside the CUs? I’m not seeing anything in the release notes regarding this. Also, my understanding is that this could only be patched at the OS level.

    Reply
    • Brent Ozar
      January 4, 2018 3:32 pm

      Yeah, read the CU documentation carefully. Microsoft is saying this is also being released as a security patch – which would imply there’s something in here that’s security-related.

      (I mean, surely they wouldn’t lie and call something a security patch when it’s not, one would hope.)

      Reply
  • Rudy Panigas
    January 4, 2018 3:33 pm

    Thanks for the infor!!
    Do you know if these patches help against the “Meltdown and Spectre” attacks for SQL Server in parallel to the OS patch? Is the OS patch required with the updated SQL patches?
    Thanks 🙂

    Reply
    • Brent Ozar
      January 4, 2018 3:35 pm

      Your best bet there is to read Microsoft’s guidance:

      https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

      Reply
  • Wayne Chandler
    January 4, 2018 5:41 pm

    I guess they are not going to be releasing a patch for this for SQL 2008/12/14??
    (I know I know..)

    Reply
    • Brent Ozar
      January 4, 2018 5:44 pm

      Your guess there is as good as mine. My guess would be yes, they’ll release it at some point, since it’s a security thing and not a performance thing.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Subscribe

Want to get an email when Microsoft publishes a new SP or CU for SQL Server? Subscribe here.

Recent Updates

  • SQL Server 2022 Gets Its 2nd Update in 2 Days February 16, 2023
  • SQL Server 2022 Gets Its First Update! Plus 2019, 2017, 2016, 2014 Updates February 14, 2023
  • Announcing SQL Server 2019 CU15 January 27, 2022
  • Announcing SQL Server 2019 CU13 and SSMS 18.10: Replication Improvements October 5, 2021
  • Announcing 2016 Service Pack 3 and 2017 CU26 September 15, 2021

© 2021 Brent Ozar Unlimited®. All Rights Reserved. Privacy Policy