Good news for Exchange administrators! MSExchange Team blogged more details about the ASP.NET vulnerability and our favorite product: Microsoft Exchange.
Long story short:
The Exchange Server team has completed validation of this fix against Microsoft Exchange Server 2010, 2007 and 2003 and we are pleased to report that we have not identified any issues related to the application of this patch on an Exchange Server.
Read more at source: http://msexchangeteam.com/archive/2010/09/27/456453.aspx