Please see Scott Guthrie's blog for updated information on the recent ASP.NET vulnerability. 

His post includes an update to the original workaround and a link to the IIS URLScan module along with steps to implement.