"Microsoft is currently unaware of any attacks targeting [this exploit], but we encourage affected customers to test and deploy the update as soon as possible," a note from the software giant reads. "Consumers are not vulnerable unless they are running a web server from their computer."
The issue is described as Vulnerabilities in .NET Framework Could Allow Elevation of Privilege, and is covered by Microsoft Security Bulletin MS11-100. The fix covers four individual vulnerabilities, one public and three that were reported privately to Microsoft. It impacts .NET Framework 1.1 Service Pack 1, .NET Framework 2.0 Service Pack 2, .NET Framework 3.5 Service Pack 1, .NET Framework 3.5.1, and .NET Framework 4 on all supported editions of Microsoft Windows, and is rated critical. (Obviously.)
According to Microsoft, the the update "addresses the vulnerabilities by correcting how the .NET Framework handles specially crafted requests, and how the ASP.NET Framework authenticates users and handles cached content."
Microsoft says most customers won't need to take any action at all because they have automatic updating enabled and this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating will want to manually check for updates and install this update immediately.