SQL Server Patch Week (2023-10-14 DBW)

Database Weekly for October 14, 2023 Problems displaying this newsletter? [View online](. [Database Weekly]( The Complete Weekly Roundup of SQL Server News by SQLServerCentral.com Hand-picked content to sharpen your professional edge Editorial  More SQL Server GDRs This week we had a number of SQL Server patches, called GDRs, released. They are available for [SQL Server 2022]( [2019]( [2017]( and [2016](. I've linked to the build lists we maintain at SQL Server Central, and for most of these patches, there is one for the current CU level and one for RTM. FWIW, you ought to be on the current CU (or close) and these are certainly worth testing and applying as these are security updates. I looked at the various CVE bulletins from Microsoft. You can find them all on [this page]( and I found very little information about the exact problem. That's interesting, and often there is some explanation of the attack vector and how an attacker might use it. That's good because it helps me decide just how critical this is and how vulnerable I am. While I do try to get security patches applied quickly, there might be a reason I don't apply today and wait for a few days because of other work. All of these items have a few metrics: they are local attack vectors, but the complexity is low and the privileges required are low or none. Those last two are a little scary. However, the details aren't publicly disclosed and the likelihood of these being exploited is "less likely." That's interesting and makes me want to learn more about the issues here. If I go to the NIST site for [CVE-2023-36420]( I see a note that this is still undergoing analysis and there aren't any specifics on what the issue is for a server. Over the years, we've had relatively few security patches issued for SQL Server. Looking for GDRs, I see 6 for SQL Server 2017. I see 8 in that time frame for Oracle. PostgreSQL includes security patches are part of their minor updates and I was too lazy to dig through all the release notes, but I suspect there have been a few issues. I have also seen patches for MySQL, though a consolidated list is hard to find. Security is constantly evolving, and the way that researchers and hackers find vulnerabilities changes over time. I don't expect that all database software is completely secure, but I am glad to see patches and updates released over time and special releases made when there are problems. Now we need more installations to apply those patches. Quite a few breaches in the last 20 years have come from unpatched software, which is a problem. Part of any modern software architecture ought to be a process for applying patches when needed, which is certainly sometime soon after a security update. Steve Jones - SSC Editor [Join the debate, and respond to the editorial on the forums](  The Weekly News All the headlines and interesting SQL Server information that we've collected over the past week, and sometimes even a few repeats if we think they fit. AI/Machine Learning/Cognitive Services [Using AI to Improve Metadata and Business Outcomes]( From Dataversity When training AI models, the accuracy of the AI app depends on the quality of the training material it receives. Naturally, feeding it more than it needs or not... Administration of SQL Server [SQL Server 2022 Common Criteria EAL4 Certification]( From MS SQL Server Blog  [Lesson Learned #442: Determining CPU Usage in Azure SQL Database: One Query or Many?]( From Azure Database Support Blog When managing Azure SQL Databases, it's crucial to monitor performance metrics, especially CPU usage. One of the challenges faced by database administrators is determining whether high CPU usage is... [In-memory table in Azure SQL DB doesn’t release memory- Msg 41823, Level 16, State 109, Line 1]( From Azure Database Support Blog Issue We recently encountered a support case where... [Common Mistakes in SQL Server – Part 4]( From SQLServerCentral Blogs Last week we have discussed how Null Values can ca... [SQL SERVER – Understanding When to Use DBCC UPDATEUSAGE in SQL Server]( From Journey to SQL Authority with Pinal Dave DBCC UPDATEUSAGE is a command available in SQL Server that is used to update the page and row count metadata for database objects. First appeared on SQL SERVER – Understanding... Analysis Services / BI on the MS Stack [SSAS Tabular Model – Help – SortByColumn property set to an invalid column ID]( Since a couple of weeks, we have been redesigning our SSAS Tabular Model. We are keeping the model as user-friendly as possible and we try to minimize overhead for our end-users to a bare minimum. Azure CosmosDB [Public Preview: Azure Open AI “Use your data” integration with Azure Cosmos DB for MongoDB vCore]( From Azure Updates Now you can easily leverage your data stored in Azure Cosmos DB for Mongo DB vCore for Retrieval Augmented Generation (RAG) with Azure OpenAI models using the "Use your... Azure Databricks, Spark and Snowflake [How to kill a running Spark application?]( From Hadoop in the Real World Apache Spark is a powerful open-source distributed... [Spark – Reading Parquet – Pushed Filters, SUBSTR(timestamp, 1, 10), LIKE and StringStartsWith]( From Large-Scale Data Engineering and Analytics in Cloud Often incoming data contain timestamp values (date and time) in the string representation like 2023-07-28 12:50:22.087 i.e., and it is common to run queries with DATE filters as follows:... Azure SQL [Lesson Learned #441: Monitoring TempDB Transactions Space in Azure SQL Elastic Pools with PowerShell]( From Azure Database Support Blog Today, we addressed a service request from our cus... Azure SQL Managed Instance [License-free DR on Azure SQL Managed Instance for SQL Server 2022]( From Azure SQL Hybrid failover rights is a new benefit that allows you to run a license-free Azure SQL Managed Instance when used as a passive DR replica for your SQL Server... Career, Employment, and Certifications [Exploring the Benefits of Degree Apprenticeships]( From Purple Frog Systems In today’s fast-paced world, traditional higher ... [The Evolution of Database Administration: From Administration to Database Reliability Engineering]( From SQLServerCentral Blogs In the fast-paced world of IT, where trends like DevOps and Infrastructure as Code (IaC) dominate the landscape, the concepts of Reliability and Observability have seamlessly woven themselves into... The... Cloud - AWS [AWS Weekly Roundup: AWS Control Tower, Amazon Bedrock, Amazon OpenSearch Service, and More (October 9, 2023)]( From AWS News Blog As the Northern Hemisphere enjoys early fall and p... Cloud - Azure [Azure Files has been improved to support all valid Unicode characters]( From Azure Updates Azure Files now supports an expanded character set enabling file and directory names with all valid Unicode characters. Conferences, Classes, Events, and Webinars [The Database DevOps Roadshow Continues (with fun photos)]( From SQLServerCentral Blogs At SQL Saturday Denver 2023, I had a few people as... [Free Training: Locking and Blocking – Tuning Spools]( From Erik Darling Data Locking and Blocking – Tuning Spools Going Furth... [Top 5 Redgate sessions you don’t want to miss out on at PASS Data Community Summit 2023]( From Blog – Redgate Software After reuniting in Seattle last year for the PASS Data Community Summit, we’re excited to bring you another jam-packed schedule of informative and educational sessions. There’ll be a lot... [Free Training: Locking and Blocking – When Read Queries Block Write Queries Demo]( From Erik Darling Data Locking and Blocking – When Read Queries Block Write Queries Demo Going Further If this is the kind of SQL Server stuff you love learning about, you’ll love my... DMO/SMO/Powershell [Initialize-Choice]( From No Column Name Dear Host, you don't have to use Read-Host. There is a choice Data Science [Normal distribution and uniform distribution symmetric around 0 do not have finite inverse first moments]( From Statistical Odds & Ends I recently learned that if or , then does not exis... Data Visualisation [storytelling with a solar eclipse]( From Storytelling with Data Before getting into today’s topic, I’ll draw your attention in the map above to the red line cutting across Oregon, Nevada, Utah, and the Southwest: these will be the... [when simple charts are surprisingly confusing]( From Storytelling with Data Here's a tip we share frequently: keep your charts as simple as you can. Limit the amount of information you display at any one time, use graph types people... Database Design, Theory and Development [Video: Database Normalization–First Normal Form]( From 36 Chambers – The Legendary Journeys THE VIDEO THE SYNOPSIS In this video, we start at the ground floor with 1st Normal Form. We’ll learn what people think it is, what it really is, and... DevOps and Continuous Delivery (CI/CD) [Google DORA 2023 State of DevOps Report Finds Culture, User Focus Key to Success]( From IT Pro - Microsoft Windows Information, Solutions, Tools Looking to improve DevOps operations? A new Google report suggests focusing on culture and users. [Five database DevOps practices for boosting team productivity]( From Blog – Redgate Software Developing and deploying database changes can be a complex task, made more challenging by the fact that development teams need to move fast, while also protecting an organization’s crown... MDX/DAX [Using field parameters and calculation groups for conditional formatting]( From Sqlbi How to apply conditional formatting on measures picked from a slicer and implemented using two techniques: field parameters and calculation groups. Microsoft Fabric ( Azure Synapse Analytics, OneLake, ADLS, Data Science) [Fabric Down Under show 4 with guest Will Thompson discussing Data Activator in Microsoft Fabric]( From The Bit Bucket I had the great pleasure to get to spend time toda... [Exploring Direct Lake Framing and warm-up data using Semantic Link in Fabric Notebooks]( From Data – Marc In the previous blog, I wrote about data temperatu... [Microsoft Fabric repositories publicly available in GitHub]( From Kevin Chant Reading Time: 4 minutes In this post I want to cover some interesting Microsoft Fabric repositories publicly available in GitHub. I wanted to do this post after last... [Data Science in Microsoft Fabric]( From RADACAD Microsoft Fabric, as an end-to-end SaaS, provides multiple workloads, including Data Science. In this article and video, you will learn the Data Science workload in Microsoft Fabric, what it... [Microsoft Fabric roadmap]( From SQLServerCentral Blogs Microsoft Fabric is an awesome product that has now been in public preview for five months. If you are not familiar with it, check out my recent video where... The... Oracle/PostgreSQL/MySQL/other RDBMS [PostgreSQL Indexes: What They Are and How They Help]( From Simple Talk In the previous blog in this series, we learned how to produce, read and interpret execution plans. We learned that an execution plan provides information about access methods, which... Performance Tuning SQL Server [SQL Server query performance decay]( From SQLBlog.org In this tip, I talk about various reasons a query's performance can change over time - even when the application hasn't changed. PowerPivot/PowerQuery/PowerBI [(Livestream Replay) Supercharge your Power BI Monitoring with Argus PBI - with Greg Baldini]( From Havens Consulting DESCRIPTION You need to know what's going on i... [Power BI Dataset refresh failed with Personal Cloud Connections]( From FourMoo This week I was working with a customer where they had a dataset that was previously refreshing successfully and not it failed. It failed with the error “Due to... [Unlock Effortless Power BI Theming with the New Gallery Feature]( The Power BI Tips Theme Generator tool already allows you to easily interact with, and adjust, all the visual properties, wireframes, etc… How could we possibly make Power BI Theme building an effortless experience? We start with building it all for you, then letting you adjust it! The all new Gallery feature represents a significant leap forward in simplifying the theming process for all. [What Does It Mean To Refresh A Direct Lake Power BI Dataset In Fabric?]( From Chris Webb's BI Blog If you’ve heard about the new Direct Lake mode f... [Conditional Formatting in Power BI with Field Parameters and Calculation Groups]( From Curated SQL Marco Russo and Alberto Ferrari perform some forma... Product Reviews and Articles [Using a GitHub Tagged Release for a Flyway Migration]( From Product learning – Redgate Software Why not just build the latest version of any branch of the database by pulling the scripts from the latest tagged release on GitHub? While it is easy to... Product Upgrades and Releases [Cumulative Update #23 for SQL Server 2019 RTM]( From MS SQL Server Blog The 23rd cumulative update release for SQL Server ... [Cumulative Update #9 for SQL Server 2022 RTM]( From MS SQL Server Blog The 9th cumulative update release for SQL Server 2... [Update: Hotfixes released for ODBC and OLE DB drivers for SQL Server]( From MS SQL Server Blog We've released hotfix packages for the following d... [General Availability: Azure Private Link for MySQL – Flexible Server]( From Azure Updates Use Azure Private Link for private connectivity with MySQL – Flexible Server. [General Availability: Universal cross-region read replica on Azure Database for MySQL - Flexible Server]( From Azure Updates Provision up to 10 read replicas in universal regions on Azure Database for MySQL - Flexible Server. [General availability: Azure SQL updates for early-October 2023]( From Azure Updates General availability enhancements and updates released for Azure SQL in early-October 2023.    Python [An Introduction to Python Package Managers]( Python is a general purpose, high level language which, thanks to its simplicity and versatility, has become very popular, especially within the data science community. The extensive Python community has developed and contributed thousands of libraries and packages over the years in a plethora of different disciplines to aid developers with their applications. R Language [Creating Interactive Radar Charts in R with the ‘fmsb’ Library]( Radar charts, also known as spider, web, polar, or star plots, are a useful way to visualize multivariate data. In R, we can create radar charts using the fmsb library. Here are several examples of how to create radar charts in R using the fmsb library: [Changing the Size of a Legend in R]( Changing the size of the legend on a plot in R can be a handy skill, especially when you want to enhance the readability and aesthetics of your visualizations. In this blog post, we’ll explore different methods to resize legends on R plots with practical examples. [Little useless-useful R functions – Function for faster reading with Bionic Reading]( From TomazTsql Trick your brain into faster reading with the help... SQL Server Security and Auditing [T-SQL Tuesday #167 – Data Protection]( From Deb the DBA Happy T-SQL Tuesday, y’all! This month, Matthew McGiffen (b | t) asks us to write about SQL Server Encryption and Data Protection. You can read the full invitation here.... [T-SQL Tuesday 167: Encryption and Data Protection]( From Callihan Data This month’s T-SQL Tuesday topic comes from Matthew McGiffen, who asks us to talk about encryption and protecting data in SQL Server. To read the full topic invite, click... Security News and Issues [Microsoft Confirms Chinese State-Backed Atlassian Confluence Attacks]( From Petri IT Knowledgebase Microsoft has revealed that a Chinese-backed threa... [Cisco Can’t Stop Using Hard-Coded Passwords]( From Schneier on Security There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for... [Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug]( From Dark Reading: Dark Reading News Analysis October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons. T-SQL and Query Languages [SQL: Even more details on finding rows that have changed using HASHBYTES and FOR JSON PATH]( From The Bit Bucket In a previous post, I wrote about how to create a ... [Rounding to the Nearest Penny in SQL Server with T-SQL]( From MSSQL Tips In this article, we look at how to use T-SQL to round to the nearest penny with built-in and custom T-SQL rounding functions. Tech News [Windows Server 2012/R2 reaches end of support]( From Azure Updates Windows Server 2012/R2 reaches end of support toda... [Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach]( From IT Pro - Microsoft Windows Information, Solutions, Tools Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. [Modernizing the Mainframe—IBM Introduces Watsonx Code Assistant for Z]( From Past News - RSS Feeds IBM has introduced watsonx Code Assistant for Z, a... [How AI Is Transforming Cloud Computing]( From IT Pro - Microsoft Windows Information, Solutions, Tools Artificial intelligence and cloud computing are a ... The Lighter Side [A New Word: Ringlorn]( From SQLServerCentral Blogs ringlorn – adj. the wish that the modern world f...  [RSS Feed]( This email has been sent to {EMAIL}. To be removed from this list, please click [here](. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com. Note: This is not the SQLServerCentral.com daily newsletter list, and unsubscribing to this newsletter will not stop you receiving the SQL Server Central daily newsletters. If you want to be removed from that list, you can follow the instructions on the daily newsletter. ©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved. webmaster@sqlservercentral.com  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -