ASP.NET Incident Page Updated
The incident page detailing the reported ASP.NET vulnerability has been updated to include information about a new mitigation option for this issue. Check it out here:
What You Should Know About a Reported Vulnerability in Microsoft ASP.NET
This page was updated October 7, 2004, to include information about a newly released mitigation option, an HTTP module installer. This module protects all ASP.NET applications on a Web server against canonicalization problems that are currently known to Microsoft as of the publication date. We will continue to update this page as additional guidance and resources become available.
And this is a link to the new ValidatePath module page in the download center:
Microsoft ASP.NET ValidatePath Module
Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.