I’ve been busy fixing the many applications at University today with this new security threat to ASP.NET applications.
Put simply, it's a matter of canonicalization that could allow users to enter password-protected areas of your sites simply by altering a URL.
A good how-to guide is available on the Microsoft support site, but no formal fix has been released yet. You can, however, protect your application by dropping 5 lines of code into your global.asax (the code is available on that page).
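A canonicalization check of the kind described above, as an added example (it is not copied from the Microsoft guide and is not the author's code). It assumes the risky requests are those whose URL path contains a backslash or whose mapped physical path is not already in canonical form, and it answers both with a 404 before authorization runs.

```csharp
<%@ Application Language="C#" %>
<script runat="server">
    // Added example: runs at the start of every request, before the
    // authentication and authorization modules evaluate the URL.
    void Application_BeginRequest(object source, EventArgs e)
    {
        // Assumption: a backslash in the virtual path is never legitimate
        // for this application, so treat it as a non-canonical request.
        bool hasBackslash = Request.Path.IndexOf('\\') >= 0;

        // GetFullPath() normalizes the mapped file path; if the result
        // differs from what ASP.NET resolved, the request was not canonical.
        bool notCanonical =
            System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath;

        if (hasBackslash || notCanonical)
        {
            // Fail closed with a generic "not found" response.
            throw new HttpException(404, "not found");
        }
    }
</script>
```

Because the handler lives in global.asax, it has to be added to every application on the server separately.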
Also, .NET developers should grab the patch for the GDI+ JPEG buffer overrun bug, which has also recently been fixed.