Windows Automatic Update, which is installed by default as the Lab standard, provides valuable cyber security, but it does not patch all possible vulnerabilities in Windows systems. Neither does it patch all vulnerabilities in Microsoft products on a system. Its purpose is to solely patch the operating system, but this does not include such add-on applications as MSSQL, IIS, or Office.  MSSQL (or its little brother MSDE) are often installed as part of application programs (some non-Microsoft).  It is important to patch your system after installation with one of these applications: