"An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server," Redmond said today. Microsoft's Scott Guthrie provides an in-depth overview of the flaw on his blog.
Today's release comes only 11 days after Microsoft initially warned of the bug, making for one of the company's quickest turnarounds -- second to a seven-day release in January. Given the urgency, Microsoft issued the fix a couple weeks ahead of its usual monthly release cycle, though it won't be available through Windows Update for a few days. Until then, network admins and consumers can manually download the patch via the Microsoft Download Center without waiting for widespread distribution.