Reading through recent ASP.Net security advisory 2416728 (http://www.microsoft.com/technet/security/advisory/2416728.mspx), it appeared to me that Sharepoint would NOT be susceptible to this security volunerability - just wanted confirmation of this. Thanks

By default, SharePoint shows its own custom errors so a hacker wouldn't be able to view the ASP.NET errors that typically show in .NET web applications. So yes, theoretically SharePoint's attack surface isn't affected by this vulnerability. However, sometimes administrators or developers will turn this feature off in order to view the classic ASP.NET error screens. This could pose a real issue regarding this security alert, and may compromise your system. Here is a website that providers a great explanation: http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html http://donahoo-development.com

here is the anwser from microsoft. http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx?utm_source=feedburner&utm_medium=email&utm_campaign=Feed:+sharepointteamblog+(Microsoft+SharePoint+Products+and+Technologies+Team+Blog) hope this will works. thanks -wsi am at SharePoint administrator

This answer specifically addresses SharePoint 2010. I assumed we were talking about pre-SharePoint 2010 solutions...http://donahoo-development.com