KB4014756 - FIX: SQL Server Profiler fails to obfuscate sp_setapprole when it's executed from a remote procedure call in SQL Server

Work anywhere from any device with Microsoft 365

Upgrade to Microsoft 365 to work anywhere with the latest features and updates.

Upgrade now

Symptoms

Assume that you use SQL Server Profiler to capture the SP:Starting and SP:Completed events in SQL Server.

When the sp_setapprole stored procedure is executed from a remote procedure call, the query statement is logged in the trace log in clear text. However, you expect it to be replaced with an obfuscated value that resembles the following:

-- 'sp_setapprole' was found in the text of this event.

-- The text has been replaced with this comment for security reasons.

Resolution

This issue is fixed in the following cumulative updates and service pack for SQL Server:

Cumulative Update 6 for SQL Server 2016 RTM

Cumulative Update 3 for SQL Server 2016 SP1

Cumulative Update 5 for SQL Server 2014 SP2

Cumulative Update 12 for SQL Server 2014 SP1

Cumulative Update 8 for SQL Server 2012 Service Pack 3

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

Latest cumulative update for SQL Server 2016

Latest cumulative update for SQL Server 2014

Latest cumulative update for SQL Server 2012 SP3

Service pack information for SQL Server 2016

This issue is fixed in the following service pack for SQL Server:

       Service Pack 2 for SQL Server 2016

Service packs are cumulative. Each new service pack contains all the fixes that are in previous service packs, together with any new fixes. Our recommendation is to apply the latest service pack and the latest cumulative update for that service pack. You do not have to install a previous service pack before you install the latest service pack. Use Table 1 in the following article for finding more information about the latest service pack and latest cumulative update.

How to determine the version, edition and update level of SQL Server and its components

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×