Microsoft’s SQL Data Discovery & Classification could inform attackers which data within a database is labeled sensitive. The tool is built into Microsoft’s new version of the company’s SQL Server 2019. Microsoft: “The reported findings do not pose a security risk and we do not plan to address it with a security update” An attacker who is able to ascertain exactly where valuable data is located can bypass the added step of scanning application tables for sensitive data. An attacker could also update sensitive data with the label “Drop Sensitivity Classification””]