CVE-2017-8516 - Microsoft SQL Server Analysis Services Information Disclosure Vulnerability RRS feed

  • Question

  • I need help determining if I need to apply security update: CVE-2017-8516 - Microsoft SQL Server Analysis Services Information Disclosure Vulnerability.

    Is this vulnerability only possible if running Analysis Services in your sql server?

    If I do not have SSAS installed or is disabled, do I still have the vulnerability?

    Thank you so much,



    Friday, January 12, 2018 4:26 PM


  • Hi Paulino, 

    This security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions. If you haven't installed an Analysis Service on your machine, there is no need to apply this update.

    Best Regards,


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Paulino PP Wednesday, January 17, 2018 12:57 PM
    Monday, January 15, 2018 1:38 AM