Microsoft is currently investigating reports of a security vulnerability in ASP.NET that could be a potential issue for hosters and other users of ASP.NET.
... Our initial investigation has revealed that the vulnerability could allow an attacker to bypass authentication on a Web site running ASP.NET applications on Windows 2000, Windows 2000 Server, Windows Server 2003, Windows XP Professional by sending a malicious request to a Web server. This could allow an attacker to make changes to the content of a Web site, but would not allow the attacker to control the computer or run software on it.
... Microsoft is providing this prescriptive guidance in order to inform customers as quickly as possible about the vulnerability and information on how to prevent an attack. Microsoft is actively investigating the issue and plans to release additional guidance