Later today Microsoft will release a security update intended to fix the ASP.NET Security vulnerability that has been in the headlines over the past few days.

Microsoft has issued advance notification of a security update scheduled for release at 10:00 AM PDT (6:00pm BST; 1pm EDT) today. This is an 'out-of-band' update, i.e. not part of the regular security patch schedule which takes place on the second Tuesday of the month, and signifies that this is an exceptional circumstance.

The update is intended to fix  the ASP.NET vulnerability and will be available via the Microsoft Download Center. It will then be released via Windows Update and the Windows Server Update Service. 

According to Scott Guthrie

Applying the update addresses the ASP.NET Security vulnerability, and once the update is applied to your system the workarounds we have previously blogged about will no longer be required.  Until you have installed the update, though, please do make sure to continue using the workarounds.

Microsoft has also scheduled a public webcast in which it will present information on the security bulletin and take customer questions for 1:00 PM PDT. You can register for the 90 minute event  here and it will be available on-demand afterwards

. 

Further reading

ASP .NET vulnerability - update

More on the ASP.NET vulnerability

New ASP .NET vulnerability

Microsoft Security Bulletin Advance Notification for September 2010 

Understanding the ASP.NET Vulnerability

Initial Blog Post