Blog do Ezequiel SQL Server Insights
Normally, two releases of a SQL security update are released:
The GDR release must be applied to all the SQL Server instances that keeps the RTM build or for the cases where only a Service Pack was installed.
The QFE release must be applied for the remaining cases. This means that the QFE version needs to be applied on the cases where a hotfix (generic SQL hotfix or a cumulative update) or a previous security update were installed after the initial installation (RTM) or after a Service Pack installation.
You can find all the information about the MS09-062 security update following this link:
Microsoft Security Bulletin MS09-062 - Critical http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
Microsoft Security Bulletin MS09-062 - Critical
This security update must be applied also on the cases where you have the Reporting Services role installed on a different machine from where you have the Database Engine role installed:
Reporting Services and the MS09-062 GDR (GDI+) http://blogs.msdn.com/psssql/archive/2009/10/15/reporting-services-and-the-ms09-062-gdr-gdi.aspx
Reporting Services and the MS09-062 GDR (GDI+)
The same is true for the cases you’ve the Visual Studio 2005/2008 installed to create/update a report or a Integration Services package on a different machine:
GDI+ Updated http://blogs.msdn.com/brianhartman/archive/2009/10/13/gdi-updated-again.aspx