If you’re running Analysis Services, Microsoft would like a word with you:
There is a potential leak of restricted data that is not protected correctly by the Object-Level Security (OLS) system in Microsoft SQL Server 2017 Analysis Services. The OLS system does not restrict access to data and metadata correctly in cases in which a measure that is defined in a query has a reference to a secured column or table. For this reason, the restricted data is exposed. Because of this vulnerability, a user can bypass the protection and get access to the restricted data.
The updates are available for SQL Server 2017 and for SQL Server 2017 Cumulative Update 14. You should probably apply this if you’re the kind of person who keeps personally identifiable stuff in your Analysis Services cubes.
While you’re at it, it turns out hyperthreading is even worse than we thought. Operating-system level fixes coming for that this week too, most likely.
