From the KB article http://support.microsoft.com/kb/967552:
The fix applies to the queries executing in the database with Simple Parameterization enabled.
The fix does not apply to the queries executing in the database with Forced Parameterization option enabled.
The fix does not apply to the queries that are explicitly parameterized using sp_executesql stored procedure.
So our security posture of using explicit parameterization (which I'm pretty sure is the industry standard to prevent SQL injection... doesn't Microsoft even specifically recommend this??) means there is no fix for us.