Microsoft ASP.NET workaround
In a move to block possible attacks by exploiting a publicly disclosed ASP.NET vulnerability known to the ViewState object. Microsoft published what they are calling a workaround to the "Padding Oracle" attack. The workaround offered by Microsoft will rely on implementing customErrors feature to return a custom error page for all error types.
Microsoft has published a workaround to the "Padding Oracle" attack for ASP.NET