Since the patch has been released some time ago, we can now have more information. The security bulletin is quite devoid of technical information, but some clues can be gathered from reading the KB article about known issues. The patch does, basically, two things:
The patch activates TLS 1.1 support. This support was already included in Internet Explorer, but not enabled by default, because there were some buggy servers which did not tolerate it (in a SSL/TLS handshake, the client announces his maximum supported version, but some server implementations refuse to talk to clients who announce anything else than SSL 3.0 or TLS 1.0). Microsoft seems to have decided that fixing BEAST was more important than supporting faulty SSL servers.
The patch implements record splitting. In SSL/TLS, data is encoded as records, each record being encrypted by itself. The BEAST-related flaw is about records in SSL 3.0 and TLS 1.0 with CBC encryption, where the IV is extracted from the end of the previous record, thus predictable by an attacker eavesdropping on the line. Record splitting is about automatically splitting an n-byte records into two records, the first one being very small; this has mostly the same net effect as choosing a random IV for each record (which is what TLS 1.1+ does), and this fixes BEAST, with a small size overhead (not much). A 0/n split would be ideal (i.e. prefixing each data record with an empty record) but tends to break too many existing implementations, in particular the one in Internet Explorer 6.0; hence, a 1/n-1 split is often employed, and almost as good. This is probably what the Microsoft patch applies.
Record splitting is used when the server chooses SSL 3.0 or TLS 1.0, and a CBC-based cipher suite.
Note that practical application of BEAST also requires a rather flexible way to do cross-site requests, something which the BEAST designers (Duong and Rizzo) could achieve only by exploiting one of two weaknesses, which were in Javascript WebSockets (draft version) and in Java (Sun/Oracle implementation), respectively; both weaknesses were also fixed. The Microsoft patch we are discussing here addresses the underlying vulnerability of CBC encryption with predictable IV.