Developer Forum

<Quote>
Microsoft on Friday warned users that a critical bug in ASP.Net could
be exploited by attackers to hijack encrypted Web sessions and pilfer
usernames and passwords from Web sites.... the flaw exists in all
versions of its ASP.Net, the company's Web application framework used
to craft millions of sites...Microsoft will have to patch every
supported version of Windows, from XP Service Pack 3 (SP3) and Server
2003 to Windows 7 and Server 2008 R2, as well as other products,
including its IIS and SharePoint server software.

...According to Rizzo and Duong, their attack is able to access Web
applications with full administrator rights, resulting in everything
from "information disclosure to total system compromise."

They estimated that 25% of the Internet's Web sites use ASP.Net.
</Quote>