On Saturday, 9/18/2010, Microsoft announced a security vulnerability in ASP.Net that could allow attackers to compromise data for any website running under ASP.Net. This vulnerability is outlined and a workaround is provided here: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx.
Microsoft has stated their intent to resolve this vulnerability as quickly as possible. Until that time, the instructions at the URL shown above can be used to immediately lock down any ASP.Net applications that are in use. We strongly recommend all customers apply the workaround as soon as possible to all ASP.Net websites.
If you need any assistance implementing the workaround, please email support@jubjub.com or call 714-586-8500, option 1.
