MS SQL Server 2014 Instance STIG Version Comparison

There are 1 differences between versions v2 r2 (Jan. 27, 2022) (the "left" version) and v2 r4 (July 24, 2024) (the "right" version).

Check SQL4-00-039200 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

Microsoft SQL Server products must be a version supported by the vendor.

Check Content

Review the version and release information. Verify the SQL Server version via one of the following methods: Connect to the server by using Object Explorer in SQL Server Management Studio. After Object Explorer is connected, it will show the version information in parentheses, together with the user name that is used to connect to the specific instance of SQL Server. Or, from SQL Server Management Studio: SELECT @@VERSION; More information for finding the version is available at the following link: https://learn.microsoft.com/en-us/troubleshoot/sql/releases/find-my-sql-version SQL Server 2014 is no longer supported by the vendor. If the system is running SQL Server 2014 or earlier, this is a finding.

Discussion

Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.

Fix

Upgrade unsupported DBMS or unsupported components to a supported version of the product.