Microsoft has recently released a Microsoft Security Advisory for a vulnerability affecting ASP.NET.  This post documents recommended workarounds for the following SharePoint products:

  • SharePoint 2010
  • SharePoint Foundation 2010
  • Microsoft Office SharePoint Server 2007
  • Windows SharePoint Services 3.0
  • Windows SharePoint Services 2.0

A workaround is not necessary for SharePoint Portal Server 2003. 

The workarounds for the affected versions of SharePoint and Windows SharePoint Services listed above are temporary measures that do not fix the underlying issue but help to block known attack vectors until an ASP.NET security update is released.  We will provide instructions on how to revert the workarounds when the security update is released.

Microsoft recommends that all affected SharePoint customers apply the workaround as soon as possible.  You should apply the workaround to every web front-end in your SharePoint farm.