ASP.NET developers have no doubt heard about the ASP.NET security vulnerability announced September 17 in aMicrosoft Security Advisory. Scott Guthrie has been regularly blogging with updates about the vulnerability on his blog. Yesterday, Scott posted that Microsoft had released a Security Update containing multiple patches for the ASP.NET vulnerability.
The blog post contains a list of the patches in the update, along with their respective Microsoft KB articles, grouped by operating system. The patches cover all current Windows Server and client OSs and .NET Framework 1.1 SP1 and later. It also contains FAQs that clarify points about applying the update on your web servers. Guthrie noted that applying the security patches removes the need to use the security workarounds he published in earlier blogs.