1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed


SQL Server patches contain program updates that fix security and product functionality issues found in the software. These patches can be installed with a hotfix which is a single patch, a cumulative update which is a small group of patches or a service pack which is a large collection of patches. The SQL Server version and patch levels should be the most recent compatible with the organizations' operational needs.


Using the most recent SQL Server software, along with all applicable patches can help limit the possibilities for vulnerabilities in the software. The installation version and/or patches applied during setup should be established according to the needs of the organization.


Identify the current version and patch level of your SQL Server instances and ensure they contain the latest security fixes. Make sure to test these fixes in your test environments before updating production instances.

The most recent SQL Server patches can be found here:

Hotfixes and Cumulative updates: https://docs.microsoft.com/en-us/sql/database-engine/install-windows/latest-updates-for-microsoft-sql-server?view=sql-server-ver15&viewFallbackFrom=sql-server-2014

Service Packs: https://support.microsoft.com/en-us/help/2958069/how-to-obtain-the-latest-service-pack-for-sql-server-2014

Default Value:

Service packs and patches are not installed by default.

See Also


Item Details


References: 800-53|CM-7(5), CSCv6|4, CSCv7|2.2

Plugin: MS_SQLDB

Control ID: 4c67a104231be43186f83b18b39e9571d66ad3421341b83a8cec1284daad6ad0