If I have a plaintext message M along with its encrypted equivalent E, and I know that it has been encrypted with a 256-bit AES key, is there a way to work out the key? Are there ways to do it, if M is long enough?
In theory yes. In reality no. You'll need either to have software running on the same machine that is performing the encryption and attack the system through cache analysis:
"In April 2005, D.J. Bernstein announced a cache-timing attack that he used to break a custom server that used OpenSSL's AES encryption. The custom server was designed to give out as much timing information as possible (the server reports back the number of machine cycles taken by the encryption operation), and the attack required over 200 million chosen plaintexts."
Or I would imagine that you could use a supercomputer to force crack it. I wouldn't know how long that would take though and so it would only be an issue if the encryption key was never changed. The algorithm is available in the public domain, but you'll still be tied to the implementation as they would have a bearing on the result.
No, there is no (efficient) way to do this. AES is designed to be even resistent against selected plaintext attacks. Thus brute-force is the only way to go.