Encrypted applications on Microsoft’s .NET framework are vulnerable without the patch.
From Microsoft website:
“An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server.”
I can’t believe Microsoft was so slow to produce a patch.
Also, discussion about the vulnerability here: