Finally they’ve delivered! Earlier today the much awaited padding oracle patch was released by Microsoft. As usual, Scott Guthrie has written about it and you can find all the info in ASP.NET Security Update Now Available.
It’s not a moment too soon either. According to Thai Duong, half of the duo responsible for bringing the vulnerability in ASP.NET to public awareness, the guidance Microsoft has provided over the last couple of weeks was, well, a waste of time. And here’s another video to prove it: