If you’ve already implemented the workaround we’ve
previously published, please add the above step to help block attackers from
exploiting the vulnerability.
Our team is working around the clock to release an update
via Windows Update that fixes the underlying product vulnerability. Until
that update is available, you can use the above workaround to help prevent
attackers from using the vulnerability against your applications.
Important Update: You can now download the official security
patch update here. Please install it ASAP on your servers – it is
the only way to protect against the vulnerability.
Once we release the security update, you will no longer need
to implement any workaround steps. You can learn more about this
vulnerability and the workaround from:
Microsoft Security Advisory 2416728 (Updated 9/24)
Understanding the ASP.NET Vulnerability
My Initial Blog Post
My Frequently Asked Questions Post
SharePoint Team Blog Post
Microsoft Security Response Center Blog Post
Microsoft Security Response Center Update Post
Please post specific questions about the vulnerability in this forum on the www.asp.net
web-site.
Thanks,
Scott