In the video, Adrian Stone go in to details on each bulletin to cover vulnerabilities, affected platforms, attack vectors, and mitigations: “To clarify what bulletin states, if you don’t have any Windows 2000 SP4 clients then you don’t need to apply SQL Server update that corresponds to version of SQL Server you’re running. You would only need to apply update for client operating systems on your network. This’s because on platforms newer than Windows 2000 SP4, os will use its own version of affected component (gdiplus.dll) rather than one distributed by RSClientPrint ActiveX control through SQL Server Reporting Services.