STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the Full-Text Search software component removed if it is unused.

DISA Rule

SV-82325r1_rule

Vulnerability Number

V-67835

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016815

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select the relevant SQL Server instance; click Next.

Select Full-Text and Semantic Extractions for Search; click Next.

Follow the remaining prompts, to remove Full-Text and Semantic Extractions for Search from SQL Server.

Check Contents

If the SQL Server full-text search feature is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Full-text Daemon Launcher(<Instance name>)".

If the "SQL Full-text Daemon Launcher(<Instance name>)" service exists, this is a finding.

Vulnerability Number

V-67835

Documentable

False

Rule Version

SQL4-00-016815

Severity Override Guidance

If the SQL Server full-text search feature is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Full-text Daemon Launcher(<Instance name>)".

If the "SQL Full-text Daemon Launcher(<Instance name>)" service exists, this is a finding.

Check Content Reference

M

Target Key

2639

Comments