• This topic has 1 reply, 2 voices, and was last updated November 5, 2019 by Matthew W.

Security Scanner reporting sql is old version

  • Yonni K
    November 5, 2019 01:23:42 PM

    Our security team has flagged the embedded sql server as being out of date and wants us to upgrade it. Is there any recommendation or documentation around if this is even possible or is the security scanner wrong? They say:
    According to its self-reported version number, the installation of Microsoft SQL Server on the remote host is no longer supported.

    Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

    See Also:
    http://www.nessus.org/u?d4418a57

    Matthew W
    November 5, 2019 06:44:50 PM

    Hey there, this is Matt, with Zerto Support.

    Upgrading the current version of SQL Express 2014 LocalDB is not recommended as we haven’t fully tested later versions for any possible issues. Our engineering team is planning on upgrading the next internal db version to something that is more in-line with current Microsoft support for the next major release. IF you can’t wait until the next major release for Zerto (likely will be early 2020) I would recommend moving to SQL Express following our documentation for a db migration.

    http://s3.amazonaws.com/zertodownload_docs/Latest/Migrating%20the%20Zerto%20Virtual%20Replication%20Database%20to%20Microsoft%20SQL%20Server.pdf

    Hope this helps!

You must be logged in to create new topics. Click here to login