As part of SQL Server Management Studio v 17.4 release, Microsoft has released the Vulnerability Assessment tool, This is a very easy to use tool and helpful in identify the vulnerabilities at database level and tool also provides scripts and suggestions to re-mediate the vulnerabilities as well
In this article, we will see step by step how to run a vulnerability assessment, review the results and apply the remediation
Step 1: Please download and install SQL Server Management Studio v 17.4 or higher, Please refer to this link for details on download https://sqlxpertise.com/2017/12/11/sql-server-management-studio-v-17-4-is-released/
Step 2: After installing, Please run Management Studio and connect to target SQL Server on which you would like to run the assessment and select the database and right click on database name and click on Tasks and click on Vulnerability Assessment –> Scan for Vulnerabilities…

Step 3: Please select the location where you would like to store the reports and click “Ok” to start the assessment

Step 4: After assessment is completed, the report will be open as a new tab, The report will provide us the following details
a. How many security checks were completed ?
b. Number of Failed Checks and details
c. Number of Passed Checks and details

Step 5: To review details of each failed check, Please select the failed check and see details on the bottom



Depending on the check, the tool provides query to run the Rule and also script to remediate the issues as well

After running the remediation scripts, we can re-run the assessment and verify the results, in below screenshot you can see that the High Risk vulnerability is resolved and also one of the Low risk vulnerability is resolved

Step 6: If some of the checks are not applicable, Please use “Approve as Baseline” option

If you want to revert the change, you can re-run the scan and go to Passed tab and select the check and “Clear Baseline”
Step 7: To review previously run assessment results, Please select the database and right click and click on Tasks –> Vulnerability Assessment –> Open Existing Scan and select the folder and file where the scan was saved

I hope you find this article useful !!!
Like this:
Like Loading...