Microsoft has released a security bulletin regarding a security fix for MOSS 2007 and Search Server 2008.
This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008. For more information, see the MS08-077.
The security update was included within the October Cumulative Update so for those that have not applied the October CU, we recommend applying this security update at the earliest opportunity. Finally, we are planning to include this security update in Service Pack 2. Please follow best practices by testing and also make sure you have a recoverable backup of your environment before final deployment.