You might have heard by now about the latest security advisory for ASP.NET (# 2416728 ) that many folks are talking about. It involves the being able to request and download files via the web.config file. Scott Guthrie’s blog post as well as the advisory discuss how to address the issue.
This issue also affects SharePoint because it is an ASP.NET application. Microsoft has recently blogged that it affects SharePoint and the workaround should be applied ASAP on every single SharePoint WFE server. Check the SharePoint team blog post for details .