Symptoms

Assume that you are using Dynamic Data Masking (DDM) on a column to protect your sensitive data in a table in Microsoft SQL Server 2016 and 2017. You may notice that the sensitive data is exposed when you execute a query that contains the following statements:

  • KEYSET READ_ONLY cursors.

  • PIVOT queries with masking that are defined on the aggregated pivot column.

  • User-defined functions (UDFs) that return a subquery.

Resolution

This issue is fixed in the following cumulative updates for SQL Server:

  • Cumulative Update 10 for SQL Server 2017

  • Cumulative Update 3 for SQL Server 2016 SP2

  • Cumulative Update 10 for SQL Server 2016 SP1

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

Latest cumulative update for SQL Server 2017

Latest cumulative update for SQL Server 2016

Workaround

As a workaround for this issue, you may avoid using problematic Transact-SQL (T-SQL) statements, and rewrite the code to use different T-SQL statements.
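To find where the workaround applies, the following T-SQL audit is an added example (not part of the original article and not Microsoft's code). It reports the instance patch level, lists masked columns, and flags stored modules that reference a masked table and mention the constructs named under Symptoms; the text matching is a heuristic that assumes module definitions are not encrypted, and it does not see ad hoc queries sent by applications.

```sql
-- Added example: audit a database that uses Dynamic Data Masking.
-- Run in the context of the database to be checked.

-- 1) Patch level, to compare with the cumulative updates listed under Resolution.
SELECT SERVERPROPERTY('ProductMajorVersion') AS major_version,  -- 13 = 2016, 14 = 2017
       SERVERPROPERTY('ProductLevel')        AS product_level,  -- RTM, SP1, SP2
       SERVERPROPERTY('ProductUpdateLevel')  AS update_level,   -- e.g. CU10; NULL if no CU
       SERVERPROPERTY('ProductVersion')      AS build;

-- 2) Inventory of masked columns and the masking function applied to each.
SELECT OBJECT_SCHEMA_NAME(mc.object_id) AS schema_name,
       OBJECT_NAME(mc.object_id)        AS table_name,
       mc.name                          AS column_name,
       mc.masking_function
FROM sys.masked_columns AS mc
WHERE mc.is_masked = 1
ORDER BY schema_name, table_name, column_name;

-- 3) Stored modules that depend on a table with masked columns and that
--    mention KEYSET or PIVOT, or are user-defined functions.
--    Heuristic: '%PIVOT%' also matches UNPIVOT and text inside comments,
--    so every hit needs a manual review before rewriting.
SELECT DISTINCT
       OBJECT_SCHEMA_NAME(m.object_id) AS module_schema,
       OBJECT_NAME(m.object_id)        AS module_name,
       o.type_desc                     AS module_type,
       OBJECT_NAME(d.referenced_id)    AS masked_table,
       CASE WHEN UPPER(m.definition) LIKE '%KEYSET%' THEN 1 ELSE 0 END AS mentions_keyset,
       CASE WHEN UPPER(m.definition) LIKE '%PIVOT%'  THEN 1 ELSE 0 END AS mentions_pivot,
       CASE WHEN o.type IN ('FN', 'IF', 'TF')        THEN 1 ELSE 0 END AS is_udf
FROM sys.sql_modules AS m
JOIN sys.objects AS o
  ON o.object_id = m.object_id
JOIN sys.sql_expression_dependencies AS d
  ON d.referencing_id = m.object_id
WHERE d.referenced_id IN (SELECT mc.object_id
                          FROM sys.masked_columns AS mc
                          WHERE mc.is_masked = 1)
  AND (UPPER(m.definition) LIKE '%KEYSET%'
       OR UPPER(m.definition) LIKE '%PIVOT%'
       OR o.type IN ('FN', 'IF', 'TF'))
ORDER BY module_schema, module_name;
```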

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminology that Microsoft uses to describe software updates.
