Microsoft will release an emergency patch on Tuesday that plugs a security hole in a variety of its web developer tools that has been under active attack for more than a week. The vulnerability in ASP.Net applications allows attackers to decrypt password files, cookies, and other sensitive data that is supposed to remain …
Solution for short-term
It was very easy to fix a large number of ASP.NET sites to protect against this vulnerability. http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx proved to be very useful; only simple changes are required, and they easily assure that exploiters can't take advantage of the problem.
Still, a fix is a fix and I'm pleased to see it will be here soon. There must be many web sites out there that are not regularly maintained or whose owners don't have the skillset to modify them. It is a lot easier for your typical small business owner to install a patch on their web server than it is to start modifying their web site.