SQLServerUpdates.com
  • Home – Most Recent Updates
    • SQL Server 2019 Updates
    • SQL Server 2017 Updates
    • SQL Server 2016 Updates
    • SQL Server 2014 Updates
    • SQL Server 2012 Updates
    • SQL Server 2008 R2 Updates
    • SQL Server 2008 Updates
  • Download SQL Server
  • Subscribe to Updates
  • Contact Us
    • Frequently Asked Questions

Security Update for SQL Server 2017 Analysis Services

4 years ago
Brent Ozar
SQL Server 2017, Updates
No Comments

If you’re running Analysis Services, Microsoft would like a word with you:

There is a potential leak of restricted data that is not protected correctly by the Object-Level Security (OLS) system in Microsoft SQL Server 2017 Analysis Services. The OLS system does not restrict access to data and metadata correctly in cases in which a measure that is defined in a query has a reference to a secured column or table. For this reason, the restricted data is exposed. Because of this vulnerability, a user can bypass the protection and get access to the restricted data.

The updates are available for SQL Server 2017 and for SQL Server 2017 Cumulative Update 14. You should probably apply this if you’re the kind of person who keeps personally identifiable stuff in your Analysis Services cubes.

While you’re at it, it turns out hyperthreading is even worse than we thought. Operating-system level fixes coming for that this week too, most likely.

Brent Ozarhttp://sqlserverupdates.com
I make Microsoft SQL Server faster and more reliable. I love teaching, travel, and laughing.
Previous Post
New Updates: SQL Server 2014 SP3 CU3, SP2 CU17
Next Post
Announcing SQL Server 2017 CU15, SQL Server 2016 SP2 CU7

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Subscribe

Want to get an email when Microsoft publishes a new SP or CU for SQL Server? Subscribe here.

Recent Updates

  • SQL Server 2022 Gets Its 2nd Update in 2 Days February 16, 2023
  • SQL Server 2022 Gets Its First Update! Plus 2019, 2017, 2016, 2014 Updates February 14, 2023
  • Announcing SQL Server 2019 CU15 January 27, 2022
  • Announcing SQL Server 2019 CU13 and SSMS 18.10: Replication Improvements October 5, 2021
  • Announcing 2016 Service Pack 3 and 2017 CU26 September 15, 2021

© 2021 Brent Ozar Unlimited®. All Rights Reserved. Privacy Policy