Microsoft published a patch for a flaw in ASP.NET. It’s rare as Microsoft usually delivers patches only once time a month during Patch Tuesday.
The newest patch was published one day after the information of a flaw in ASP.NET was publicly available. It also fixes three other previously unknown flaws.
„An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands“ - the bulletin from Microsoft states.

Source: SC Magazine
30.12.2011