Sites that support automatic background updates will be updated to WordPress 4.0.1 automatically. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (They don’t support older versions, so please update to 4.0.1 so that critical updates are automatically installed.)
WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
If you would like advice regarding WordPress updates or any security issue, then contact me and I can take a look at what’s needed to keep your website secure.