Last week Microsoft let the world know about a venerability in SQL Server which affects all currently supported versions of SQL Server. While it does require an extended events session to be running–All SQL Servers have a default session and it is not entirely clear if this default system session is included.
We recommend everyone running SQL Server to install the fix/patch as soon as possible. One note for versions 2012, 2014, and 2016–you must be running a minimum service pack to apply the update so you may have two updates to apply.
The official announcement gives official details of the vulnerability and the associated risks.
This update is being made available through Windows update. If you run your windows updates on a regular basis the update should be applied.