This evening a download was added to the ASP.NET Security Vulnerability information page. It sounds like there is more to come but this is a start.

Note  This page was updated October 7, 2004, to include information about a newly released mitigation option, an HTTP module installer. This module protects all ASP.NET applications on a Web server against canonicalization problems that are currently known to Microsoft as of the publication date. We will continue to update this page as additional guidance and resources become available.

http://www.microsoft.com/security/incident/aspnet.mspx

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!