SANS Internet Storm Center MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution According to published reports, the vulnerability was reported to Microsoft in April and "a fix for this vulnerability has been completed", but there's no patch release date mentioned at this time. Exploit code is available.