Last week Microsoft release an alert on an security vulnerability associated with ASP.NET. A workaround was announce while waiting an official.
Today, Microsoft release the official security patch. Here is the link to access the security bulletin and the files: http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
For more information, you can also look at the blog of Scott Guthrie about the security issue http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx
So as per the recommendation of Microsoft, you should apply the patch to make sure you web application as soon as possible.