An important message to my IT contacts, thanks to Mike Hatfield, Nicom’s Chief Technology Officer, regarding a security vulnerability…
On the 17th of September, a security vulnerability was announced that affects all versions of ASP.NET and SharePoint web sites/applications that can allow someone to access very sensitive information if exploited.
A security update has been released today to address the problem. Please, make sure this Windows update is applied to your web, SaaS and SharePoint servers. Please see this article from Microsoft for more information: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx.
As a developer, you normally cannot control updates that are applied to servers hosting your applications. You can, however implement the web.config work around that has provided by Scott Gutherie from Microsoft as documented on his blog here: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx.