Today, Microsoft released two patches for some SQL Server 2005 and 2000 editions. These patches prevent attackers from being able to execute code remotely on SQL Server systems, such as with a SQL injection attack. These security updates are rated Important, and downloading the patches might require a system restart. To find out if the SQL Server version you're running is affected, and to learn more about the patches, see "Microsoft Security Bulletin MS09-004 – Important" and "Microsoft Security Bulletin Summary for February 2009."
Microsoft will be offering a webcast (TechNet Webcast: Information About Microsoft February Security Bulletins (Level 200)) on Wednesday, February 11 at 11am PT to answer questions about these patches. To receive advanced notice of software patches, sign up for Microsoft Technical Security Notifications at http://www.microsoft.com/technet/security/bulletin/notify.mspx.