On Saturday, Microsoft released a security advisory for all versions of ASP.NET. As with all security issues, it is important for system administrators and developers to take the necessary steps to ensure their data remains safe. This particular vulnerability could allow an attacker to request and download files within an ASP.NET application, like the web.config file. Obviously, this is a file often containing sensitive information. A patch for this vulnerability will be available soon, but for now, developers can implement code to ensure that their applications are safe.
For a full description of the vulnerability and what you need to do to protect your application, please check out ScottGu’s blog post on this issue.