From Shawn Farkas: "Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center."
Here's a brief review of what's new for security in each service pack:
.NET 1.0 SP3 (v1.0.3705.6018) [download | complete changelist]
323683: NTLM authentication is lost on every call
321562: FIX: Role-based authentication fails for users who belong to many groups
and these security related fixes that weren't from the CLR security team:
324488: Forms authentication and view state fail intermittently under heavy load
327132: FIX: PassportIdentity does not require secure PIN when security-enhanced authentication is requested
327523: Users can open Web pages without the correct NTFS permissions
.NET 1.1 SP1 (v1.1.4322.2032) [download | Windows 2003 download | complete changelist]
836989: FIX: A user receives a "security exception" error message while running user code that is based on the .NET Framework 1.1 in a partial trust environment
828295: FIX: Error Message: Security Exception: PermissionToken Index Does Not Match Index into m_unrestrictedPermSet
839289: FIX: The GC heap becomes corrupted when you use the .NET Framework System.Security.Cryptography.RSACryptoServiceProvider class
Download: .NET 1.0 SP3 (v1.0.3705.6018)
Download: .NET 1.1 SP1 (v1.1.4322.2032)
News source: Shawn Farkas Blog