Randolph West takes a look at a patch:
Microsoft announced updates today for all supported versions of SQL Server, for a privilege escalation vulnerability that leverages Extended Events. For security reasons no further details have been provided, but you can expect more information in the near future, now that this update is public.
Be sure to grab the latest update for your version of SQL Server.