This update fixes vulnerabilities reported in public advisory released on 4th January 2013. You can find the advisory here.
The list of CVEs getting addressed are - CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 & , CVE-2013-0632. The hotfix resolves authentication bypass vulnerabilities and information disclosure vulnerability.
Personally I highly recommend securing every public facing server (including unsupported versions). Access to internal components like Administrator, CFCExplorer, AdminAPI etc. should be blocked for any unwanted access or should be under IP address restriction. Adding link for reference to Lockdown guides here. coldFusion 9 Lockdown Guide & ColdFusion 10 Lockdown Guide.