ASP.NET Security Hole

Encrypted applications on Microsoft’s .NET framework are vulnerable without the patch.

From Microsoft website:
“An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server.”

Wow!

I can’t believe Microsoft was so slow to produce a patch.

Patch here:
http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

Also, discussion about the vulnerability here:
http://www.schneier.com/blog/archives/2010/09/new_attack_agai_1.html

Bad Microsoft!!
Andy