This problem is now addressed in the following knowledge base article:
If you’ve installed the Validate Path Module because of the vulnerability in ASP.NET on a machine with SQL Server Reporting Services, then you’ve got troubles. Here is the exception I'm seeing:
Request for the permission of type System.Web.AspNetHostingPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
I dumped the PublicKeyBlob of the new assembly with the Caspol.exe utility and granted the module Full Trust (as the other GAC'ed assemblies signed by Microsoft have been given). Place the following into both the rssrvpolicy.config and rsmgrpolicy.config files. I placed the entry just underneath the Microsoft_Strong_Name CodeGroup.
I hope this gets everyone up and running again. If I see any official configuration information from MS, I'll update this post to pass it along
UPDATE Oct 11: No official word yet. If you are getting the following exception after updating both policy files, than restart the web server (IISRESET from the command line will work). Thanks to Adam Creeger for the tip.
Assembly microsoft.web.validatepathmodule.dll security permission grant set is incompatible between appdomains.