In-case you missed it CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability was released yesterday,was marked as Critical and affects SQL Server 2016 & 2017
Further information and downloads can be found here. It should be included in the next SQL Server patching cycle.
If you’re rolling out new servers, you may want to apply it now.
Update: There was an issue with this patch and it has since been replaced