We recently released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  Richard Riley's post on SharePoint Team blog documents recommended workarounds for the following SharePoint products:

• SharePoint 2010
• SharePoint Foundation 2010
• Microsoft Office SharePoint Server 2007
• Windows SharePoint Services 3.0
• Windows SharePoint Services 2.0

Workarounds are not necessary for the following product:

• SharePoint Portal Server 2003