The vulnerability affects SQL Server 2000, 2005 and 2008 and was discovered last fall by database-security vendor Sentrigo. The flaw lies in the way that SQL Server handles user passwords: by looking at the process memory, an administrator can see other users' passwords in cleartext. Microsoft officials said the company is not planning to patch the flaw and does not consider it serious enough to require a security update.
Source: https://threatpost.com/new-unpatched-flaw-surfaces-sql-server-090209/73026/

