Patches are available for several versions of SQL Server today, addressing an elevation of privilege vulnerability. There isn't much detail available except that it pertains to Extended Events. More details:

• Elevation of Privilege Vulnerability
• Common Vulnerabilities and Exposures : CVE-2021-1636
• KB #4583468 – Microsoft SQL Server elevation of privilege vulnerability

There are patches for GDR or CU for all supported versions of SQL Server (except 2012 SP4 which doesn't have a CU branch). Find the download for your version on the appropriate page:

• SQL Server 2012 SP4
• SQL Server 2014 SP3
• SQL Server 2016 SP2
• SQL Server 2017
• SQL Server 2019

If there isn't a fix available for your branch, it might be time to consider moving to a supported version.