Patches are available for several versions of SQL Server today, addressing an elevation of privilege vulnerability. There isn't much detail available except that it pertains to Extended Events. More details:
- Elevation of Privilege Vulnerability
- Common Vulnerabilities and Exposures : CVE-2021-1636
- KB #4583468 – Microsoft SQL Server elevation of privilege vulnerability
There are patches for GDR or CU for all supported versions of SQL Server (except 2012 SP4 which doesn't have a CU branch). Find the download for your version on the appropriate page:
If there isn't a fix available for your branch, it might be time to consider moving to a supported version.