So, this new amazing vulnerability has been making it's rounds this week and Microsoft has released some official information about it (http://www.microsoft.com/security/incident/aspnet.mspx).

Just a few thoughts on this-

1. I think this exploit wins the prize for being the cheesiest I have seen in a long time, I mean, it doesn't really take a technical genious to switch a '/' to a '\'..

2.  Building on the last thought - what on earth were the msoft developers thinking???? Come on guys, could you help us out a little bit here?

3.  And finally, I was going to write something here about how long this one has probably been known by all the Asshats out there, but I don't even want to think about it.

Its Friday and I'm going for beer - have fun installing urlscan/aspnet modules this weekend :)