Many of you likely received information on this vulnerability, and the security update issued by Microsoft, from other sources.  If you haven't yet applied the update, please continue reading to see if the problem impacts your DevForce applications and what to do about it.

The vulnerability will only impact your DevForce application if your BOS is running under IIS (and therefore includes DevForce Silverlight applications).  A 2-tier DevForce application, or an n-tier application with a BOS hosted by either the console server or Windows Service will be unaffected. Since the vulnerability affects all versions of ASP.NET, it also may affect all versions of DevForce.

If you are affected by the vulnerability, install the patch from Microsoft as soon as possible.  More information about the patch, and how to download, is available here: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx - http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx

More information

Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx - http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
Description of the vulnerability (Scott Guthrie): http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx - http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Understanding the ASP.NET Vulnerability (Technet): http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx - http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx