Fix available to protect SharePoint servers from ASP.NET vulnerability
Today the fix shipped to remedy a cryptographic ASP.NET vulnerability. The update is listed as Important, and it is strongly recommended that this security update be applied to all IIS servers including those hosting SharePoint and other ASP.NET applications. Though the greater risk is to public-facing servers, all servers should be protected.
How to protect SharePoint servers from the ASP.NET vulnerability
On Friday an ASP.NET vulnerability was announced at an Argentine security conference. Microsoft posted Security Advisory 2416728 within a few hours, and by early Saturday morning Scott Guthrie described steps to mitigate the vulnerability on ASP.NET sites. Scott also posted a FAQ about the vulnerability that describes steps being taken towards a permanent solution and how to detect attacks by monitoring server logs. On Monday the SharePoint Products and Technologies team posted Steps to protect SharePoint 2010 sites from the vulnerability.