Today is black Tuesday for October 2012. One security bulletin is specifically for a component of the SQL Server stack: SQL Server Reporting Services. Here's the write-up from Microsoft:
This affects from SQL Server 2000 Reporting Services through SQL Server 2012 Reporting Services, all supported versions. This security bulletin provides a fix for a privilege escalation attack using cross-site scripting (XSS). If you have SQL Server Reporting Services in your environment, please read the bulletin and apply accordingly. At the present time there are no known attacks or publicly released exploits taking advantage of this vulnerability.