Fix available to protect SharePoint servers from ASP.NET vulnerability
Today the fix shipped to remedy a cryptographic ASP.NET vulnerability. The update is listed as Important, and it is strongly recommended that this security update be applied to all IIS servers including those hosting SharePoint and other ASP.NET applications. Though the greater risk is to public-facing servers, all servers should be protected.
The fix was announced as a Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx
A webcast will be held this afternoon to describe the vulnerability and to field questions:
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032464130&Culture=en-US
The update can be downloaded here (dated Sept 27, 2010):
Here's to a safe week! Big thanks to all product teams involved for staying on top of this, providing incredibly fast guidance to keep customers safe, and now a permanent solution.