First there's MS09-002 which addresses two vulnerabilities in Internet Explorer 7.
And then there is MS09-004 which patches a vulnerability in Microsoft SQL Server.
You can see from the bulletin that exploit code has already been published for the SQL vulnerability.
The Internet Explorer 7 vulnerability allows for Remote Code Execution on Windows XP SP2/3 and Windows Vista. Considering the installed base, and the high Exploitability assessment, expect to see exploits in-the-wild very soon.