Put this in your .htaccess file that covers your blog. Do it now.
php_flag register_globals off
There is an exploit which has been reported and the above fixes it. Blogs are being hacked because of this and you MUST put that code in place.
UPDATE: The forum thread is here: http://wordpress.org/support/topic/41836 and the main advice in there is to replace your wp-settings.php with this file instead: new file. If you have modified your .htaccess you do not have to replace the file, but doing both will not cause anything to go wrong.