Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability. Microsoft suggests customers use a technique to block requests that specify an application error. Researchers who developed the attack say the workaround is not sufficient to prevent the attack. The researchers say customers will not be fully protected until Microsoft releases a patch for the flaw. The next scheduled patch release from Microsoft is Oct. 12, but the company may push out an emergency fix for the vulnerability before then. The company says it has teams working around the clock worldwide to develop a security update of appropriate quality.
Source: https://threatpost.com/workarounds-not-enough-protect-against-aspnet-attacks-092710/74518/