Microsoft is working to secure SQL servers. Clearly there's a group of bad guys focused on SQL.
How could an attacker exploit the patched vulnerabilities?
An authenticated attacker could create INSERT statements that cause a buffer overrun, corrupting memory in such a way as to allow code execution. And INSERT statements are easy to issue through SQL injection if the application doesn't sanitize its input properly.
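The injection path described above, as an added example that is not part of the original post: string concatenation lets user input add an INSERT to the batch, while a bound parameter keeps the same input as plain data. It assumes Python's built-in sqlite3 as a stand-in for SQL Server; the table names, function names and input string are constructed for illustration.

```python
import sqlite3

# Constructed input: closes the string literal, then appends an INSERT.
CONSTRUCTED_INPUT = "x'; INSERT INTO audit(note) VALUES ('injected'); --"

def make_db():
    """In-memory database with hypothetical tables (sqlite3 stands in for SQL Server)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE products(name TEXT);"
        "CREATE TABLE audit(note TEXT);"
        "INSERT INTO products(name) VALUES ('widget');"
    )
    return db

def audit_rows(db):
    """Number of rows in the audit table."""
    return db.execute("SELECT COUNT(*) FROM audit").fetchone()[0]

def lookup_unsafe(db, name):
    """Vulnerable: the input becomes part of the SQL text.
    executescript() runs every statement in the string, which models a
    server that accepts multi-statement batches."""
    sql = "SELECT name FROM products WHERE name = '" + name + "';"
    db.executescript(sql)
    return sql

def lookup_safe(db, name):
    """Hardened: the input is bound as a parameter and never parsed as SQL."""
    cur = db.execute("SELECT name FROM products WHERE name = ?", (name,))
    return cur.fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, CONSTRUCTED_INPUT))
    print("audit rows after concatenated query:", audit_rows(db))
    db = make_db()
    print(lookup_safe(db, CONSTRUCTED_INPUT))
    print("audit rows after parameterized query:", audit_rows(db))
```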
We recommend that you try out the free HP Scrawlr and UrlScan tools mentioned in the SQL advisory and apply the SQL update to your servers.