Scott Guthrie noted on his blog that Microsoft will ship, on Tuesday, a hotfix for the ASP.NET cryptographic padding oracle exploit. It is to be released at 10 a.m. PDT; that’s 1 p.m. EDT / 17:00 GMT.
Guthrie says the patch has been fully tested and, once installed, removes the need for the previously published workarounds. As in, after you install this patch, you can turn off custom errors or use custom error files for specific errors.
Glad Microsoft worked this out so quickly. Don’t fail to get and apply this patch.
All links in this post on delicious: http://www.delicious.com/dougvdotcom/asp-net-crypto-exploit-patch-ships-tuesday-sept-28