A number of other notable bloggers in the Team System space have already blogged about this but it is important enough that we need to get the word out to a large audience.
Microsoft posted a security update for TSWA 2008 SP1. I would recommend that everyone install this update, but especially anyone that exposes their TSWA to the Internet as that is where the greatest risk lies.
Hakan Eskici has the original post for Microsoft.
There is no KB article yet, I will update this post when one becomes available. The KB article can be found at: http://support.microsoft.com/kb/961267
“A security issue has been identified with Team System Web Access 2008 SP1 and we have recently published an update that fixes it. Please note that this is a full release, so you will need to uninstall any existing versions of Web Access before installing this update.” – Hakan
The download link will bring you to the TSWA 2008 SP1 download page. Since it is a full install, they have replaced the vulnerable TSWA version with the updated one.
To verify if you have the Update installed, select the Help | About menu from TSWA and check the version. It should be 9.0.3275 for TSWA 2008 SP1 Update.