Last week, I blogged about an ASP.NET security vulnerability that affected TFS: http://blogs.msdn.com/b/bharry/archive/2010/09/23/security-vulnerability.aspx

Yesterday, the ASP.NET team released a patch to fix the vulnerability: http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx

You can install the patch and remove the work arounds that I described in my previous post.  As you can see from Scott's post, they released updates for every version of the Framework since 1.1.  You will need to install the appropriate patch on any server that has any version of TFS or the TFS proxy, Sharepoint or Reporting Services.  You will need to look in Add/Remove Programs to see which versions of the Framework you have installed and install all the appropriate patches.

We're very sorry for the invonvenience this has caused.  The ASP.NET team worked very hard to release a wide range of patches in record time.  This whole issue started less than 2 weeks ago.

Brian