We recommend immediately applying the security update to
your servers in order to protect your applications against attackers trying to
exploit them. We’d like to thank Juliano Rizzo and Thai Duong, who
discovered that their previous research worked against ASP.NET, for not
releasing their POET tool publicly before our update was ready.
You can ask questions and get help with the security
vulnerability and update in a special ASP.NET Forum that we have setup here. If you
have problems or questions you can also contact Microsoft
Customer Support for help (including support over the phone with a support
engineer). The official Microsoft Security Bulletin post is here.
Thanks,
Scott