Microsoft has released a patch for a vulnerability in Microsoft IIS and products that run atop it. The vulnerability allows files on a web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications. Microsoft FAQ on this issue here.
3e018303c480a9aebdbc441ccc8f65b9aa1f3e14e56e73cce3ebe8761c763a96