Scott Gu has a great blog post discussing the workaround that must be applied to your sites. In a nutshell, the recommended workaround is to specify a single error page for all errors.
NOTE: This also affects SharePoint; it is an ASP.NET application after all. Go check out the solution over at the SharePoint Team Blog. An updated workaround has been posted for SharePoint 2007.
On .NET Framework 3.5 and earlier, ensure your web.config contains the following (assuming you already have a web.config):
<location allowOverride="false">
  <system.web>
    <customErrors mode="On" defaultRedirect="~/error.html" />
  </system.web>
</location>
On .NET Framework 3.5 SP1 and later, ensure your web.config contains the following:
<location allowOverride="false">
  <system.web>
    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx" />
  </system.web>
</location>
For example, if you had a .NET 3.5 SP1 or later application, you would insert the text (in the red square) into your existing web.config file.
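To confirm the workaround is actually present in a deployed web.config, a small audit can check the settings shown above. This is an added example, not code from the original post or from Microsoft; the function name `audit_custom_errors`, the `sp1_or_later` flag and both sample configs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 3.5 SP1+ snippet from this page inside <configuration>.
PATCHED = """<configuration><location allowOverride="false"><system.web>
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx" />
</system.web></location></configuration>"""
# Constructed sample: a config that still returns distinct pages per error.
UNPATCHED = """<configuration><system.web>
<customErrors mode="RemoteOnly" defaultRedirect="~/error.html">
<error statusCode="404" redirect="~/404.html" />
<error statusCode="500" redirect="~/500.html" />
</customErrors></system.web></configuration>"""

def _local(tag):
    # Drop any XML namespace ElementTree prepends to tag names.
    return tag.rsplit("}", 1)[-1]

def audit_custom_errors(config_xml, sp1_or_later):
    """Return a list of findings; an empty list means the workaround is in place."""
    root = ET.fromstring(config_xml)
    parent = {child: p for p in root.iter() for child in p}
    nodes = [e for e in root.iter() if _local(e.tag) == "customErrors"]
    if not nodes:
        return ["no <customErrors> element: the workaround is not applied"]
    findings = []
    for ce in nodes:
        if ce.get("mode") != "On":
            findings.append('mode is %r, expected "On"' % ce.get("mode"))
        if not ce.get("defaultRedirect"):
            findings.append("defaultRedirect is missing")
        # Per-status pages break the "single error page for all errors" rule.
        codes = [e.get("statusCode", "?") for e in ce if _local(e.tag) == "error"]
        if codes:
            findings.append("per-status <error> pages present: " + ", ".join(codes))
        if sp1_or_later and ce.get("redirectMode") != "ResponseRewrite":
            findings.append('redirectMode is not "ResponseRewrite"')
        # Walk up to the enclosing <location>, if any, and check it is locked.
        node = ce
        while node in parent and _local(node.tag) != "location":
            node = parent[node]
        if _local(node.tag) != "location" or node.get("allowOverride") != "false":
            findings.append('not inside <location allowOverride="false">')
    return findings

if __name__ == "__main__":
    for name, xml in (("PATCHED", PATCHED), ("UNPATCHED", UNPATCHED)):
        print(name, audit_custom_errors(xml, sp1_or_later=True) or "OK")
```
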
Here are links to more information:
http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx