Vulnerability in ASP.NET Could Allow Information Disclosure
UPDATE (2010-09-29): Microsoft has release the fix. It should be available through Windows Update.
More Info: http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx
Microsoft Security Advisory just announced a vulnerability in ASP.NET that can lead to information disclosure. You can read the complete announcement at http://www.microsoft.com/technet/security/advisory/2416728.mspx
Important: Please make sure you read the Workaround section and do appropriate action based on your websites’ config.
Additional information can also be found at Scott Gu’s blog post http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx