Security Updates for SQL Server Jan 2021–CVE-2021-1636

There was a security bulletin (CVE-2021-1636) for SQL Server, an elevation of privilege vulnerability that could be exploited when an Extended Event session is running.

Microsoft has released a number of patches for SQL Server. You can see them on the Release blog, but there are KB links below. If you have any servers that potentially can be accessed by unauthorized traffic, consider patching them.

SQL Server 2019

SQL Server 2017

SQL Server 2016

SQL Server 2014

SQL Server 2012

For SQL Server 2016 and earlier, make sure you are at the Service Pack levels listed. If you aren’t, you cannot patch these instances.


Getting a New Remote Git Branch–#SQLNewBlogger

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers.

I was notified of a new PR at DataSaturdays, and I went to look at the changes. In this case, a lot of styling items in the code, which I can’t quite picture. I also wanted to check the behavior of some sorting changes. How could I do this?

I saw the branch, but I wasn’t sure how to get it locally. For me, I started with Google, which took me to StackOverflow. Here I found an answer.

I have git v2.29, so I could probably have used just the checkout command, but I ended up doing this command:

git fetch

which got me the new branch.


From here, I did a checkout of this branch, tested the code, and then could approve the PR.

I know I’ve likely had to get a branch before, but I am hoping that writing this post will help me remember.
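The fetch-then-checkout sequence described above, reproduced end to end as an added example that is not part of the original post. The repositories, the branch name `pr-sorting-changes` and the file contents are constructed for the demo; it shows that a clone made before the branch was pushed only learns about it after `git fetch`, and that a plain checkout then creates a local branch tracking the remote one.

```bash
#!/usr/bin/env bash
# Constructed demo: a throwaway bare "remote", a contributor who pushes a new
# branch, and a reviewer clone that was made before that branch existed.
set -eu

BRANCH="pr-sorting-changes"   # hypothetical PR branch name

# Build the scenario in a temp dir; print the path of the reviewer's clone.
setup_repos() {
  work="$(mktemp -d)"
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  cgit() { git -C "$work/contributor" "$@"; }

  git init -q --bare "$work/remote.git" >&2
  git -C "$work/remote.git" symbolic-ref HEAD refs/heads/main
  git init -q "$work/contributor" >&2
  cgit symbolic-ref HEAD refs/heads/main
  cgit remote add origin "$work/remote.git"
  echo "original" > "$work/contributor/index.html"
  cgit add index.html
  cgit commit -q -m "initial site"
  cgit push -q origin main

  git clone -q "$work/remote.git" "$work/reviewer" >&2   # reviewer clones now

  cgit checkout -q -b "$BRANCH"                           # PR branch appears later
  echo "restyled" > "$work/contributor/index.html"
  cgit commit -q -am "styling and sorting changes"
  cgit push -q origin "$BRANCH"
  echo "$work/reviewer"
}

# Succeeds only if the clone at $1 has a remote-tracking ref for $BRANCH.
has_remote_branch() {
  git -C "$1" show-ref --verify --quiet "refs/remotes/origin/$BRANCH"
}

# Fetch, check out the PR branch, print "<local branch> <upstream>".
review_branch() {
  git -C "$1" fetch -q
  git -C "$1" checkout -q "$BRANCH"   # creates a local branch tracking origin's
  printf '%s %s\n' "$(git -C "$1" rev-parse --abbrev-ref HEAD)" \
    "$(git -C "$1" rev-parse --abbrev-ref '@{upstream}')"
}

repo="$(setup_repos)"
has_remote_branch "$repo" || echo "before fetch: origin/$BRANCH not known locally"
echo "after fetch:  $(review_branch "$repo")"
```

Because the checkout only creates a local branch, the PR code can be tested without merging anything into `main`.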

SQLNewBlogger

This is a skill that is handy for working with code, and these days, even infrastructure and management. Git is an important skill, so showcase some things you learned, how, and why, on your blog.

This post took me about 6 minutes to write.


T-SQL Tuesday #134–Taking a Break

I’m a day late for T-SQL Tuesday this month, literally because I was taking a break. Yesterday I took a holiday to go snowboarding with a friend. The weekend was a break from life, as I twisted my back Thursday night and spent most of the time since Friday in bed, healing over the weekend.

This month, the invitation is from James McGillivray, and the topic is “Give Me a Break”, which might be appropriate as we have left 2020 behind, but not the pandemic. While I had a break, I’ll give you a few things that help me unwind.

My Breaks from Work

I’ve been stuck at home somewhat, but not completely, during the pandemic. The lockdowns in Colorado were shorter, and easier, so I haven’t had the challenges of others. Plus, I live on a horse ranch, so I’m not as restricted as many others.

I am used to traveling, however, and despite the space we have, I felt somewhat trapped last year. I haven’t been used to spending more than 3-4 weeks in my office without a trip, so there was a different adjustment from many others. Some of my breaks:

  • horseback riding with my wife. We can ride off the property and through some nearby fields for a 2-3 mile trip
  • guitar – I spent more time learning some songs and sitting outside. I’ve even taken some breaks during the day when I need them.
  • language – I picked up Duolingo, and started relearning Japanese with my oldest. He studies on his own, but we text to practice.
  • cooking – my household went from

Vacation

For vacations, I have been trying to do more of this over the years, and more with my wife. My children are adults, so my wife has joined me for a number of trips in the last few years, some dedicated to vacation, some just extending work trips.

The bucket list vacation for me is a big tour of Japan. I’ve never been, and for no good reason.

Last year we were planning on Machu Picchu in the summer, which got cancelled. That’s still on the list, as is some sort of trip to Africa, likely Kenya/Tanzania. Hiking Mt. Kilimanjaro is on my list.

As for the best vacation, it has to be with family. We’ve had a number, but I think our 12-13 day camping trip up through Yellowstone National Park and Glacier National Park was epic.


Security in the Aftermath

Not too long ago was a very sad and embarrassing day for the US. The US Capitol was breached and rioters had hours inside without authorities. Ignoring the reasons and politics behind the event, think about the security of the building and systems after the criminals were removed from the building.

Someone else brought up this point, which I think is fair. Can you trust any system in the building? Keyloggers, cameras, who knows what devices might have been planted. As a friend noted, anything with a plug should be thrown out. Who knows what might have been replaced or altered to create a security vulnerability.

I haven’t had intruders in an office, but I have had to evacuate offices and returned to find unsecured systems. I’ve seen unlocked computers, when there were law enforcement or fire department staff walking around unsupervised. I doubt they did anything, and certainly never heard of any breach, but it is something to think about before you have to deal with the event.

Have you thought about this or had to deal with this situation? Are you ready to audit systems and ensure nothing happened? Forget about spy devices, though those are certainly possibilities in this day of hot-plug USB keyboards; what about someone accessing information? If someone left a machine unlocked, would you think to check the history of the machine? Look at sites visited or emails sent? I don’t know that I’ve ever thought about this, though in today’s world, this is something to consider. We are seeing some crazy types of attacks on systems, and I suspect it will continue to get worse.

I learned a long time ago to lock my machine when I leave for any reason. A large group of administrators took delight in changing configurations, wallpaper, even sending embarrassing emails from unlocked machines to the group. After making a couple of mistakes, it became a habit to lock a machine before you stood up for any reason.

Most of us won’t deal with criminals walking around our office space, but we certainly should be careful and aware that having unsupervised people around privileged systems is always a bad idea. I used to hate taking out the trash from a computer room I worked in, but I now appreciate that allowing cleaning staff into that space might not have been a good idea in a nuclear power plant.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes.
