The webpage for the ASP.NET Security vulnerability reported yesterday has been updated with more and better information. A MSI mitigation option has also been posted that basically adds a new HttpHandler to your machine.config to prevent the attacks from being successful. >> PLEASE GO READ THIS ASAP TO SEE IF YOU ARE VULNERABLE << http://www.microsoft.com/se... am getting intermittant 404's, but keep trying.) http://support.microsoft.co... ......
A potential ASP.NET security vulnerability has been published by MSFT.
http://www.microsoft.com/security/incident/aspnet.mspx
Questions/discussion of the vulnerability can be directed here:
http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25