This update resolves 3 security issues:
A further cross-site scripting issue was also corrected in the user list table. The final issue addressed a permissions issue where a user could sticky private posts when they would otherwise not have the permissions/rights to do so.
Due to the severity of these issues, WordPress is advising it’s users to update immediately.
WordPress users can update their CMS manually (access your WordPress dashboard and choose Updates -> Update Now). Since version 3.7 of WordPress an automatic updater (thanks to Sophos for this useful piece of information) will install the above mentioned update in the background. Full details of this update and how to install it are available in this WordPress blog post. WordPress.com hosted blogs such as the one you are reading now automatically receive such security updates.