As part of its advance notification, Microsoft has released the list of security bulletins that should be coming our way Tuesday, Februarry 10, 2009. Among them is a remote code exploit rated Important by Microsoft for SQL Server. The affected software list shows SQL Server 2000 and 2005. It does not currently list SQL Server 2008 as affected, but stay tuned to the actual bulletin just in case because the advance notification is always preliminary and subject to change. You can see the notice here:
There are also two Critical vulnerabilities, one for Exchange and one for IE and another Important one for Visio.