Microsoft released a new Critical Security Bulletin that affects SQL Server today.
If you haven't ever actually looked at one of these, let me first tell you that you can expect to be completely confused by it. The last update like this for SQL Server out of band created more than its share of Forums questions. To make it easier to understand which download you need to get, let me highlight a often overlooked section:
If you scroll all the way down the page, there is an expandable Frequently Asked Questions (FAQ) Related to This Security Update section:
If you expand this section it makes it easier to tell which patch you need to download and apply:
To get your version information run SELECT @@VERSION while logged into your server. Then download the appropriate file and patch your SQL Server instance. Expect that this will be just like a service pack install and an outage will be required. In addition, if you are one of those people that has SQL Server disabled, if this patch gets picked up by Windows Update, it will fail to install because part of the install process is to stop then start SQL Server. This created a problem for a number of people with the last update like this one.