http://blogs.msdn.com/lcris/archive/2008/06/25/new-microsoft-security-advisory-on-sql-injection.aspxThis came up yesterday: http://www.microsoft.com/technet/security/advisory/954462.mspx . It has good information and links.en-USCommunityServer 2.1 SP1 (Build: 61025.2)