Update to Recent ASP.NET Vulnerability

Thanks again to Brian Moore for this information:

ASP.NET Security Vulnerability Update!

The ASP.NET Team has posted an update on the reported vulnerability at http://www.microsoft.com/security/incident/aspnet.mspx.

We released a new HTTP Module mitigation best practice. This is in the form of an MSI installer that will help protect all ASP.NET applications on a Web server. This installer will place a binary into the GAC and update the machine.config file for ASP.NET. You can find download information at http://www.microsoft.com/downloads/details.aspx?FamilyID=da77b852-dfa0-4631-aaf9-8bcc6c743026&displaylang=en. We have posted detailed guidance about the HTTP Module, how the MSI works, and how to deploy it. You can find this KB Article at http://support.microsoft.com/?kbid=887289.

We recommend that you immediately apply the HTTP Module mitigation best practice to all affected servers.

If you are unable to apply the HTTP Module mitigation best practice (e.g., you do not manage the servers or the servers are hosted by a provider), continue to implement the sample code shown below.