We urge owners of ASP.NET websites to implement the changes described in the work-around below. You know that you have an ASP.NET website if your pages have even one page with a .aspx extension. Other open-source applications such as DotNetNuke use ASP.NET and would need the security update.
Once Microsoft releases a security update we will apply the update to all of our shared web hosting servers and dedicated/virtual servers as necessary. Since this update may come tomorrow or in 30 days, we suggest implementing the work around below.
The workaround fix can be found here. It is not highly technical but use of FTP and page editing is required.
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
If you have trouble applying the workaround fix above please call (858-433-2818) or email (support@ephost.com) for assistance.
More information about this vulnerability can be found here:
http://www.microsoft.com/technet/security/advisory/2416728.mspx
