On 17th of September 2010, we released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET.

This vulnerability was publically disclosed late Friday at a security conference.  We recommend that all customers immediately apply a workaround (described in the Scott Guthrie's blog post in http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx or in the Microsoft Security Advisory ) to prevent attackers from using this vulnerability against your ASP.NET applications.