** Updated 24/09/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint listed below.
Microsoft has recently blogged that the vulnerability in ASP.Net affects SharePoint and the workaround should be applied ASAP on every single SharePoint WFE server http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx
Microsoft has recently released a Microsoft Security Advisory for a vulnerability affecting ASP.NET. This post documents recommended workarounds for the following SharePoint products:
- SharePoint 2010
- SharePoint Foundation 2010
- Microsoft Office SharePoint Server 2007
- Windows SharePoint Services 3.0
- Windows SharePoint Services 2.0