Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-070. The vulnerability addressed is the ASP.NET Padding Oracle Vulnerability - CVE-2010-3332.

More...