If it is true..
Microsoft has released an advisory to help customers understand the vulnerability and apply workarounds to secure their sites. The advisory is at http://www.microsoft.com/technet/security/advisory/2416728.mspx.
The Microsoft Security Response Center (MSRC) has released a blog at http://blogs.technet.com/b/msrc/archive/2010/09/17/security-advisory-2416728-released.aspx.
The Security Research & Defense (SRD) team at Microsoft has also released a blog that contains a script to help detect vulnerable installations. The blog is located at http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
Scott Guthrie about the vulnerability
This is really scaring me.. http://www.youtube.com/v/yghiC_U2RaM