In my first blog post I covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it.  Today, we are revising it to include an additional defensive measure.

This additional step can be done at a server-wide level, and should take less than 5 minutes to implement.  Importantly, this step does not replace the other steps in the original workaround, rather it should be done in addition to the steps already in it.  Below are instructions on how to enable it.