A Fine Slice Of SQL Server
SQL Server 2025 CU2 released on February 12, 2026. Build 17.0.4015.4, six fixes. I’ve been running 2025 since RTM, and have been watching things pretty closely — looking for fixes, what to flag for clients, and what’s still sitting in the ‘known issues’ category, pending correction.
Here’s the short version.
Click through for that short version.
Leave a CommentRebecca Lewis lays out the consequences of an existing bug:
If you use
SESSION_CONTEXT()in any query that can run with parallelism, you may be getting wrong results right now and not know it. This is not new. It has been a documented known issue since January 2022. It shipped unfixed in SQL Server 2019, 2022, and 2025 — and as of 2025 CU2 (February 12, 2026), it is still not resolved.This is easy to miss. It’s buried in the Known Issues section of CU release notes, and the symptoms — wrong results or dump files — do not obviously point back to SESSION_CONTEXT.
Read on to learn more about the issue, the current workaround, and how you can discern whether you are experiencing the issue today.
Leave a CommentDeepthi Goguri troubleshoots an issue:
I first updated the lower environments and then prod, but since most of the reports were used only in production, I didn’t see the issue coming. So, the issue with this release was that crash dump files were generated in the logfiles (C:\Program Files\Microsoft Power BI Report Server\PBIRS\LogFiles).
It’s bad enough that we who need to use Power BI Report Server are always at the end of the line when it comes to functionality, but this is adding insult to injury.
Leave a CommentAnthony Nocentino has an update:
Good news for anyone who’s been working around the AVX issue I wrote about in my previous post. Microsoft has fixed it in Cumulative Update 1 (CU1) for SQL Server 2025.
The downside is that CU1 broke other things like database mail, though I suppose you probably aren’t likely to use database mail on a containerized instance of SQL Server.
Comments closedMarco Russo clues us in on a bug:
In mid-January 2026, many Power BI Desktop users began noticing a strange visual regression: several icons in the interface—including the Data, Model, and DAX icons—appeared as solid black shapes instead of their normal outlines. The issue appeared suddenly, even on machines where Power BI Desktop had not been updated. Because it happened the same week that Power BI Desktop January 2026 was released, this led to understandable confusion.
The root cause was not Power BI Desktop itself but an unexpected regression in the WebView2 runtime, one of the external dependencies used to render parts of the UI. Microsoft confirmed the issue and is preparing an official fix.
Marco does have a temporary fix that works until Microsoft has the official fix in place.
Comments closedBrent Ozar notes some problems:
SQL Server 2025 Cumulative Update 1 came out last week, and I was kinda confused by the release notes. They described a couple dozen fixed issues, and the list seemed really short for a CU1.
However, the more I dug into it, the weirder things got. For example, there were several new DMVs added – which is normally a pretty big deal, something to be celebrated in the release notes – but they weren’t mentioned in the release notes. One of the DMVs wasn’t even documented. So I didn’t blog to tell you about CU1, dear reader, because something about it seemed fishy.
Read on for a big deal.
Comments closedBrent Ozar checks out the list:
Whenever a brand spankin’ new version of any software comes out, there are bugs, and SQL Server is no exception. This has led to a mentality where folks don’t wanna install a new version of SQL Server until the first couple of Cumulative Updates come out, hopefully fixing the first big round of bugs.
So… are there bugs this time around?
Read on to see the list. Though I will note that the SQL authentication logins being slower isn’t a bug. It’s a consequence of improving security via PBKDF2 and cranking up the number of iterations. On net, this is a good thing because it makes brute-force password attacks orders of magnitude more difficult while having negligible impact on legitimate users. In the post Brent links, Vlad Drumea has a comment talking about going from sub-1ms to 150ms per login attempt in his tests, and the neat thing about PBKDF2 is that it scales linerally with number of iterations, so as hardware gets faster and faster, you can increase the number of iterations necessary and maintain a fairly standard range of login times.
Comments closedFabiano Amorim has a post-mortem of a nasty privilege escalation bug in SQL Server:
This article explores a serious flaw in this security model – a SQL Injection vulnerability in
sys.sp_help_spatial_geography_histogramthat allowed a standard user on managed SQL Server instances (AWS, GCP, Alibaba, Azure) to completely bypass these restrictions, gain access to privileged user data, and decrypt the source code of internal management stored procedures.It was fixed in SQL Server 2022 CU20 (KB5063814), but this article explains how the exploit worked and the process of eliminating it.
Click through for the details and make sure your on-premises SQL Server instances are patched.
Comments closedAndreas Wolter describes a bug in SQL Server’s auditing capabilities:
Last week, I was contacted by an IT Leader from Saudi-Arabia who previously found several CVE’s in Oracle and Microsoft SQL Server. He wanted my opinion on a newly discovered security issue in SQL Server Auditing.
Interestingly, his findings directly overlap with a topic I wrote about just last month: Using Data Classification to Audit Data Access.
Emad Al-Mousa identified two vulnerabilities in the SENSITIVE_BATCH_COMPLETED Audit Action Group. Microsoft Security Response Center (MSRC) acknowledged the issue but classified it as low priority – meaning it may not be addressed until a major release, if at all.
Read on to see what the issue is and how you can trigger it today. Andreas also includes a workaround that will work in the meantime.
Comments closedI have a proper blog post coming out tomorrow for T-SQL Tuesday, but today, celebrate with me that SSMS 21 finally, at long last, fixes the irritating fact that the New Session window in SSMS for Extended Events always opened to the wrong size.
Click through for an example of the bug and how SSMS 21 fixes things. This type of bug is particularly pernicious because there aren’t scroll bars or any sort of indicator that some additional functionality exists, so unless you know that it’s there, you won’t know to look for it.
Comments closed