SQLServerUpdates.com
  • Home – Most Recent Updates
    • SQL Server 2022 Updates
    • SQL Server 2019 Updates
    • SQL Server 2017 Updates
    • SQL Server 2016 Updates
    • SQL Server 2014 Updates
    • SQL Server 2012 Updates
    • SQL Server 2008 R2 Updates
    • SQL Server 2008 Updates
  • Download SQL Server
  • Subscribe to Updates
  • Contact Us
    • Frequently Asked Questions

Security Update for SQL Server 2017 Analysis Services

4 years ago
Brent Ozar
SQL Server 2017, Updates
No Comments

If you’re running Analysis Services, Microsoft would like a word with you:

There is a potential leak of restricted data that is not protected correctly by the Object-Level Security (OLS) system in Microsoft SQL Server 2017 Analysis Services. The OLS system does not restrict access to data and metadata correctly in cases in which a measure that is defined in a query has a reference to a secured column or table. For this reason, the restricted data is exposed. Because of this vulnerability, a user can bypass the protection and get access to the restricted data.

The updates are available for SQL Server 2017 and for SQL Server 2017 Cumulative Update 14. You should probably apply this if you’re the kind of person who keeps personally identifiable stuff in your Analysis Services cubes.

While you’re at it, it turns out hyperthreading is even worse than we thought. Operating-system level fixes coming for that this week too, most likely.

Brent Ozarhttp://sqlserverupdates.com
I make Microsoft SQL Server faster and more reliable. I love teaching, travel, and laughing.
Previous Post
New Updates: SQL Server 2014 SP3 CU3, SP2 CU17
Next Post
Announcing SQL Server 2017 CU15, SQL Server 2016 SP2 CU7

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Subscribe

Want to get an email when Microsoft publishes a new SP or CU for SQL Server? Subscribe here.

Recent Updates

  • Announcing SQL Server 2019 CU21, 2022 CU5 June 15, 2023
  • SQL Server 2022 CU3: How Stella Got Her Groove Back April 13, 2023
  • SQL Server 2022 Gets Its 2nd Update in 2 Days February 16, 2023
  • SQL Server 2022 Gets Its First Update! Plus 2019, 2017, 2016, 2014 Updates February 14, 2023
  • Announcing SQL Server 2019 CU15 January 27, 2022

© 2021 Brent Ozar Unlimited®. All Rights Reserved. Privacy Policy