• So, I anticipate the following happening:

    Me: Hey boss, Microsoft has released a security patch. Steve Jones recommends we should patch all of our servers.

    Boss: LOL

    As a SQL professional, I get it when Microsoft says "hey everyone, heads up!!", and don't need a whole lot of supporting data. Boss-man, however, is going to have a lot of questions, and I need to be able to explain what the nature of the risk is, and if we even need to be concerned.

    I've read through the descriptions provided by Microsoft and it doesn't give a whole lot of details on what exactly is being fixed:

    "This update resolves vulnerabilities in Microsoft SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory."

    Huh???

    I need ammo to justify taking the time and resources away from all my other work and patching our servers.

    Can anyone elaborate further on this?

    Thanks,

    Mike