UPDATE: ASP.NET Security Vulnerability
There’s a critical vulnerability in ASP.NET which allows the attacker to gain access to the machine key and hence all the encrypted data in asp.net. Together with other exploits available in the target application, it can combine to give the attacker quite a fair bit of access to the target app.
You can find information about the flaw here.
Microsoft has a response which you can find here.
30 Sept: There is now an official patch, read all about it here