Microsoft has issued advance notification of a security update scheduled for release at 10:00 AM PDT (6:00pm BST; 1pm EDT) today. This is an 'out-of-band' update, i.e. not part of the regular security patch schedule which takes place on the second Tuesday of the month, and signifies that this is an exceptional circumstance.
The update is intended to fix the ASP.NET vulnerability and will be available via the Microsoft Download Center. It will then be released via Windows Update and the Windows Server Update Service.
According to Scott Guthrie
Applying the update addresses the ASP.NET Security vulnerability, and once the update is applied to your system the workarounds we have previously blogged about will no longer be required. Until you have installed the update, though, please do make sure to continue using the workarounds.
Microsoft has also scheduled a public webcast in which it will present information on the security bulletin and take customer questions for 1:00 PM PDT. You can register for the 90 minute event here and it will be available on-demand afterwards
ASP .NET vulnerability - update
More on the ASP.NET vulnerability
New ASP .NET vulnerability
Microsoft Security Bulletin Advance Notification for September 2010
Understanding the ASP.NET Vulnerability
Initial Blog Post