The flaw is what's known as a cross-site scripting and spoofing vulnerability, which makes it possible for an attacker to trick a user into running a malicious script on a victim's system. According to Microsoft's bulletin, if successful, an attacker could manipulate a Web browser and certain proxy server caches to place content of his or her choice within those Internet caches.
In its bulletin, Microsoft warns that users who created customized ASP pages should back up those pages before applying the update. Applying the update will overwrite the customized pages.
The Microsoft security bulletin is available here.