I have SQL 2008 SP1 server but KB2716439 is treated as "not applicable" for the server.

This should be the status as reported by the WU Agent to the WSUS Server. Go to the WSUS, 'All Updates' node in Patch Manager, filter on the specific KB and look at the 'Computers Summary' and 'Updated Events' tabs to see if it offers any clues. My install is synchronized, and it shows this update doesn't have any Superseding updates - so, that is unlikely to be a reason here

hi,

Mine is showing 24 computers not applicable and within it there are  SQL 2008 SP1 servers.

Example of Computer with SQL server 2008 SP1 - SINFNDPDB01

Computer Summary shows not applicable for that server:-

Update events show empty:-

Any way of finding out why is it not applicable to the server?

Thanks,

Obviously, the Windows Update agent thinks either the pre-requisites or the applicability rules don't apply to the machines in question. I am tempted to say - use the 'Windows Update Agent Maintenance and Repair' action for one of the affected managed computer to run a full repair and maintenance, and let the WU Agent report back the status once again. I am sure Lawrence Garvin will have better suggestions than me

Service Pack *TWO* for SQL Server 2008 R2 was released in July 2012. Lifecycles for service packs for server applications are one year, which means that support for Service Pack 1 installations expired in July, 2013. Personally I'd suggest not worrying about this two year old security update, but rather install the current Service Pack on your database instances.(There were also several Cumulative Updates, not available via WSUS, that apply to this version as well.)

The core build of SQL2008R2SP1 is 10.50.2500 (Jun 17 2011). Your image shows build 2550 as installed. Checking a reference of all known SQL Server builds, we'll find that 10.50.2550 is the build number including MS12-070.

So, the reason this update is reported as NotApplicable is because it's already included in the installed instance.

Hi Lawrence,

Thanks for this. Sorry but I got a case that the KB2716439 is not installing on the SQL 2005 server. The “select @@version” is shown below.

From the sqlserverbuilds.blogspot.sg/ it is showing I need to be on 9.00.5069.0.

On the WSUS server, it is Approval = Install.

But it is showing as “non-applicable”. The server is SPA01708

Any enlightenment?

Thanks,

Adrian

Part of the clue may lie in the description of what the update is.

https://technet.microsoft.com/library/security/ms12-070

"This security update resolves a privately reported vulnerability in Microsoft SQL Server on systems running SQL Server Reporting Services (SSRS). The vulnerability is a cross-site-scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user."

Do you have SQL Server Reporting Services installed?

Are those systems hosting a website for SSRS?

If not, then the update probably is Not Applicable.

Why do you distrust what the Windows Update Agent reports?

Do you have some other information that legitimately contradicts the NotApplicable state?

In the seven+ years I've been working with WSUS, I've never seen the WUA generate an incorrect evaluation on an update that's more than a month old (and those where it did, the whole world discovered it in two days and it was fixed in five).

Lawrence,

I am getting audited and it is a finding. I truly appreciate your answers as I need your answers to convince the auditors.

Yes, the server does not have reporting services installed.

I am just concerned that they will download the patch, manually run it on the server and if the install is successful, they say “See! It can install. Means you are missing a patch. Something is not right with the WUA.”.

Thanks for your help as always.

adrian