VMware: SQL Server Guidance to Protect Against Meltdown and Spectre Attacks
You may have heard about the latest security issues with CPUs that affect Intel, AMD, and ARM processors. The attacks, named Meltdown and Spectre, are prompting DBAs around the globe to ask, “How will this patch affect SQL Server performance?” The answer is simple: we don’t know for certain.
Today Microsoft released a KB article to provide guidance for SQL Server installations in response to the Meltdown and Spectre side-channel attacks. You should take the time to review that KB article. Here’s what Microsoft has to say about performance:
Microsoft continues to do performance evaluation on the patched binaries. However, at the time of publication, Microsoft has not yet validated SQL Server performance with all microcode patches, nor has it validated performance in all Linux environments. Customers are advised to evaluate the performance of their specific application when applying patches. Please validate the performance impact of enabling microcode changes before deploying into a production environment. Microsoft will update this section with more information when it is available.
Translation: We have no idea right now if your performance will be worse after patching.
Not everyone is at risk
But there is some good news, too. For example, if you are running on bare metal (no VMs), and you have no untrusted application logic on the server, and no untrusted SQL Server features (such as CLR), then you are likely fine for right now and there is no need to patch. The KB article lists out recommendations for users based upon scenarios such as bare metal, Azure VMs, and even for SQL Server on Linux.
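To see where an instance falls among those scenarios, the T-SQL below (an added example, not taken from the Microsoft KB or from VMware) reports whether SQL Server detects a hypervisor, whether CLR is enabled, and which user-defined CLR assemblies exist in each accessible database. The temp table name is an assumption, the login needs VIEW SERVER STATE, and the check covers only CLR because that is the one feature named above; untrusted application logic on the host has to be assessed separately.

```sql
SET NOCOUNT ON;

-- 1. Bare metal or virtualized? NONE means no hypervisor was detected.
SELECT virtual_machine_type_desc
FROM sys.dm_os_sys_info;

-- 2. Is CLR integration enabled for the instance? (1 = enabled)
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'clr enabled';

-- 3. User-defined CLR assemblies in every online database we can access.
CREATE TABLE #clr_assemblies (          -- hypothetical temp table name
    database_name  sysname,
    assembly_name  sysname,
    permission_set nvarchar(60),
    create_date    datetime
);

DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE state_desc = N'ONLINE' AND HAS_DBACCESS(name) = 1;

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards both the string literal and the three-part name.
    SET @sql = N'INSERT INTO #clr_assemblies
                 SELECT N' + QUOTENAME(@db, '''') + N', name,
                        permission_set_desc, create_date
                 FROM ' + QUOTENAME(@db) + N'.sys.assemblies
                 WHERE is_user_defined = 1;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END
CLOSE db_cursor;
DEALLOCATE db_cursor;

-- An empty result plus clr enabled = 0 means no user CLR code can run.
SELECT database_name, assembly_name, permission_set, create_date
FROM #clr_assemblies
ORDER BY database_name, assembly_name;

DROP TABLE #clr_assemblies;
```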
Read the entire article here: SQL Server Guidance to Protect Against Meltdown and Spectre Attacks
Via the fine folks at VMware!