Today we posted updated information to with additional information about the nature of the reported vulnerability and an additional mitigation best practice.  Our additional guidance is an HTTP Module that you can install onto a server that will mitigate all ASP.NET applications on the box and protect them against canonicalization issues we knew about at the time of publication.  This is easier then updating the global.asax for each application and if you are dealing with a whole lot of servers much easier to deploy.  You can grab the MSI installer for the HTTP Module at  There is also a new KB posted at that describes how to deploy the MSI and HTTP Module.

We will continue to update the landing page as new information or guidance becomes available, so keep checking back.