An new security notification regarding the ASP.NET vulnerability has been posted, http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx.
The Exchange team are recommending that you test and deploy this fix for affected servers, http://msexchangeteam.com/archive/2010/09/27/456453.aspx.