Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure

It's been a while since SQL Server security needed a patch and today it just happened. A vulnerability in Microsoft XML Editor allows an attacker to obtain sensitive information by using a custom Web Service Discovery (.disco) file. Read more about this vulnerability here