This patches a number of security vulnerabilities found in Mambo 4.5.4 SP2 and below.  If you are not running Mambo 4.5.4 SP2 then you should patch up to this version prior to applying this new patch.

1)  Take your site offline:  Site->Global Configuration->Site Offline (YES).
2)  Extract the patch into your existing Mambo 4.5.4 installation and let the files overwrite the existing files with the same names.  The patch mirrors the existing Mambo file/folder structure so the files will go into the correct locations when extracted.  
3)  Bring your site back online:  Site->Global Configuration->Site Offline (NO).

That's it.  Patch Complete.