Scott Gu in his latest post, announces a very serious security threat-vulnerability regarding ASP.Net sites.

Malicious users can exploit this vulnerability and download files from your asp.net application, including the web.config.

Well that would be awful with catastrophic consequences.

There is a script you can use to check if the web apps in your web server are vulnerable.

So everyone please check first and then act on it, if you are exposed to this security threat.

In the same blog post there are specific details on the workaround so no need to panick.

Please note that for the different versions of ASP.Net, you must apply different workaround.It does affect Sharepoint sites as well.