Microsoft will be releasing a security patch to address a vulnerability in ASP.NET documented in security advisory 2416728, “Vulnerability in ASP.NET Could Allow Information Disclosure.” The bulletin lists just about every still supported desktop and server OS along with what appears to be every still supported .NET version.
Initially the patch will only be available for manual download on Tuesday and will then make it to Windows Update in the next few days.