on Aug 4, 2016Article Content
| Article Number | 000033344 |
| Applies To | RSA Product Set: ECAT RSA Product/Service Type: ECAT RSA Version/Condition: 4.1.x Platform: Windows Platform (Other): MSSQL Server Product Name: ECAT |
| Issue | In certain environments it is requested that any extended stored procedures should be disabled. Web link resources for more information: Extended Stored Procedures should not be enabled as good practice. In Centre for Internet Security (CIS) Benchmark for SQL Server 2008r2 and 2012, for the Extended Stored Procedures listed, the recommendation is for those stored procedures to be disabled. Source: https://labs.portcullis.co.uk/blog/ms-sql-server-audit-extended-stored-procedures-table-privileges/ An extended stored procedure (xp) is a dynamic link library that runs directly in the address space of SQL Server. You can run extended stored procedures as normal stored procedures. Extended stored procedures are used to extend the capabilities of SQL Server. You can take advantage of the many extended stored procedures that come with SQL Server, or you can write your own. Source: http://www.sswug.org/alexanderchigrik/sql-server/undocumented-sql-server-2012-extended-stored-procedures-part-2/ A specific question regarding the stored procedure called: xp_cmdshell extended |
| Resolution | There are two types of stored procedures. |