As part of SQL Server Management Studio v 17.4 release, Microsoft has released the Vulnerability Assessment tool, This is a very easy to use tool and helpful in identify the vulnerabilities at database level and tool also provides scripts and suggestions to re-mediate the vulnerabilities as well
In this article, we will see step by step how to run a vulnerability assessment, review the results and apply the remediation
Step 1: Please download and install SQL Server Management Studio v 17.4 or higher, Please refer to this link for details on download https://sqlxpertise.com/2017/12/11/sql-server-management-studio-v-17-4-is-released/
Step 2: After installing, Please run Management Studio and connect to target SQL Server on which you would like to run the assessment and select the database and right click on database name and click on Tasks and click on Vulnerability Assessment –> Scan for Vulnerabilities…
Step 3: Please select the location where you would like to store the reports and click “Ok” to start the assessment
Step 4: After assessment is completed, the report will be open as a new tab, The report will provide us the following details
a. How many security checks were completed ?
b. Number of Failed Checks and details
c. Number of Passed Checks and details
Step 5: To review details of each failed check, Please select the failed check and see details on the bottom
Depending on the check, the tool provides query to run the Rule and also script to remediate the issues as well
After running the remediation scripts, we can re-run the assessment and verify the results, in below screenshot you can see that the High Risk vulnerability is resolved and also one of the Low risk vulnerability is resolved
Step 6: If some of the checks are not applicable, Please use “Approve as Baseline” option
If you want to revert the change, you can re-run the scan and go to Passed tab and select the check and “Clear Baseline”
Step 7: To review previously run assessment results, Please select the database and right click and click on Tasks –> Vulnerability Assessment –> Open Existing Scan and select the folder and file where the scan was saved
I hope you find this article useful !!!