FIX: Masked data is exposed when a query that uses sp_cursorfetch is run in SQL Server if Dynamic Data Masking is enabled

Applies to: SQL Server 2016 DeveloperSQL Server 2016 EnterpriseSQL Server 2016 Enterprise Core


Assume that you use Dynamic Data Masking (DDM) on a column to mask sensitive data in a table in Microsoft SQL Server 2016 or 2017. You may notice that the masked data is exposed when you run a query that uses the sp_cursorfetch stored procedure.


This problem is fixed in the following cumulative udpates for SQL Server:

Cumulative Update 13 for SQL Server 2017

Cumulative Update 5 for SQL Server 2016 SP2

Cumulative Update 11 for SQL Server 2016 Service Pack 1


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology Microsoft uses to describe software updates.