Last week’s published vulnerability in ASP.NET caught a lot of media attention and stirred quite some controversy in online community, since it was affecting all Microsoft ASP.NET versions, and even made it into many web-based server products, including SharePoint.
Even though, workarounds for this problem were announced on Scott Guthrie’s blog almost the same day, the official patch came out just two days ago (ASP.NET Security Fix Now on Windows Update).
Please note, that even though SharePoint 2007 was considered originally not affected by this problem, there was an updated post on SharePoint team site discussing certain variations, when this vulnerability still can be taken advantage of – Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint.
Related links:
Official Microsoft Security Bulletin
Original post on ScottGu blog: Important: ASP.NET Security Vulnerability