There’s a new Microsoft security bulletin you should be aware of before you take off on vacation. It isn’t an open exploit; you have to be an authenticated user to try it. Not only that, if you have all the latest service packs or SQL Server 2008 you don’t have the issue.
It has to do with the sp_replwritetovarbin stored procedure, which could take an unverified parameter. This stored proc is used in replication. and there are workarounds or you could just apply the service packs as mentioned.
You can read the complete bulletin here: http://www.microsoft.com/technet/security/advisory/961040.mspx