I would encourage anyone running ASP.NET to check out http://www.microsoft.com/security/incident/aspnet.mspx

Oddly enough - I was presenting on Security only yesterday. As part of that I came across a rather nice tool for checking for the GDI+ vulnerability on your machine. Check out http://isc.sans.org/gdiscan.php