I just heard through the grapevine about a vulnerability in Git. This affects anyone who's using Git, including TFS-integrated Git.
More details on Brian Harry's blog.
The blog provides corrective action, so please go read it and follow the instructions ASAP to protect yourself!