Assume that you use Dynamic Data Masking (DDM) on a column in a table in Microsoft SQL Server 2016 or 2017 to mask sensitive data. When a low privileged user runs a specially crafted query, then the masked data may be exposed.
This issue is fixed in the following cumulative updates for SQL Server:
- Cumulative Update 15 for SQL Server 2017
- Cumulative Update 6 for SQL Server 2016 SP2
- Cumulative Update 14 for SQL Server 2016 SP1
About cumulative updates for SQL Server:
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server: