Out-of-band security update will be published for ASP.NET tomorrow. Security update will solve publicly known DoS issue that exists in all versions of ASP.NET. Update will be delivered through Windows Update and Windows Server Update.
- ASP.NET Security Update Shipping Thursday, Dec 29th (ScottGu)
- Microsoft Security Bulletin Advance Notification for December 2011 (TechNet)
- Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service
From security advisory document: “Sites that disallow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not vulnerable”. It seems like most of servers are affected.