Recently Microsoft announced a security vulnerability in ASP.NET and offered a couple of ways to protect against it.  The first solution is to modify code in your applications global.asax.xx code file.  No problem if you don't mind updating every ASP.NET application already in production.  The second option is to install the ValidatePath httpModule that covers all ASP.NET applications on a server.  Obviously option 2 is going to be best for situations where you have server access and multiple applications running, but there are cases where this will cause a problem.  Reporting Services is one application that does not play well with the ValidatePath module.  If you read my post about Reporting Services and Custom Assemblies you would not be surprised.  The good news is that now Microsoft has a KB article describing the problem and the steps to correct it.  So, until we get the next ASPNET_ISAPI.dll with the patch imbedded you might want to become familiar with KB887787

Here is the error message you get with Reporting Services and the ValidatePath module until you apply the fix to reporting services.

Server Error in '/ReportServer' Application.