MS SQL Server 2016 Instance STIG Version Comparison

There are 5 differences between versions v2 r10 (July 27, 2023) (the "left" version) and v2 r12 (April 24, 2024) (the "right" version).

Check SQL6-D0-018300 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

Microsoft SQL Server products must be a version supported by the vendor.

Check Content

Review the version and release information. To check the version of the installed MySQL, run the following SQL statement: select @@version; The result will show the version. For example: 8.0.22-commercial Access the vendor website or use other means to verify the version is still supported. Oracle lifetime support: https://www.oracle.com/us/assets/lifetime-support-technology-069183.pdf Scroll down to Oracle MySQL Releases (approximately page 28). If the Oracle MySQL version or any of the software components are not supported by the vendor, this is a finding.

Discussion

Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.

Fix

Remove or decommission all unsupported software products. Upgrade unsupported DBMS or unsupported components to a supported version of the product. Oracle supported platforms can be found here: https://www.mysql.com/support/supportedplatforms/database.html