Tonight we posted a bunch of information about a reported ASP.NET security vulnerability.  I urge you to take a look at the security incident page at:

That page has all the latest info and will continually be updated as new information becomes available.  You can also get in depth information on how to help protect your ASP.NET site by taking advantage of some simple code to programatically check for canonicalization issues at

There is also a discussion thread that I started on forums that you can find at -- you can ask questions directly there.

Brian Johnson also makes a great point about getting free support (in North America) on security/virus related issues by calling (866) PCSAFETY (I think this is pretty cool, never realized it before to be honest -- now I know where to send my friends and family when they have problems though :))