Thursday, October 07, 2004 8:50 PM
The webpage for the ASP.NET Security vulnerability reported yesterday has been updated with more and better information. A MSI mitigation option has also been posted that basically adds a new HttpHandler to your machine.config to prevent the attacks from being successful.
>> PLEASE GO READ THIS ASAP TO SEE IF YOU ARE VULNERABLE <<
http://www.microsoft.com/security/incidient/aspnet.mspx
(I am getting intermittant 404's, but keep trying.)
http://support.microsoft.com/?kbid=887289