1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


SQL Server patches contain program updates that fix security and product functionality issues found in the software. These patches can be installed with a hotfix which is a single patch, a cumulative update which is a small group of patches or a service pack which is a large collection of patches. The SQL Server version and patch levels should be the most recent compatible with the organizations' operational needs.


Using the most recent SQL Server software, along with all applicable patches can help limit the possibilities for vulnerabilities in the software. The installation version and/or patches applied during setup should be established according to the needs of the organization.


Identify the current version and patch level of your SQL Server instances and ensure they contain the latest security fixes. Make sure to test these fixes in your test environments before updating production instances.
The most recent SQL Server patches can be found here:

Hotfixes and Cumulative updates: https://docs.microsoft.com/en-us/sql/database-engine/install-windows/latest-updates-for-microsoft-sql-server?view=sql-server-ver15&viewFallbackFrom=sql-server-2016

Service Packs: https://support.microsoft.com/en-us/help/3177534/how-to-obtain-the-latest-service-pack-for-sql-server-2016

Default Value:

Service packs and patches are not installed by default.

See Also