This info came in an email from the DNN corporation, well worth a read and check out the blog post where it recommends to install the windows updates asap.
<!--[if gte mso 9]>
Normal
0
unctuationKerning/>
false
false
false
oNotPromoteQF/>
EN-GB
X-NONE
X-NONE
ontGrowAutofit/>
ontVertAlignCellWithSp/>
ontBreakConstrainedForcedTables/>
ontVertAlignInTxbx/>
MicrosoftInternetExplorer4
On September 17 Microsoft issued a Security Advisory
regarding a vulnerability in ASP.NET. On September 18 Scott Guthrie of
Microsoft posted a blog about the important ASP.NET security vulnerability. Note that this is an ASP.NET
vulnerability so it may impact any of your applications running on ASP.NET, not
just DotNetNuke.
DotNetNuke Corp. issued a notice recommending protective actions
against the ASP.NET Oracle Padding vulnerability shortly after it was
identified as a threat. The recommendations were made by Microsoft and
forwarded by us. However,
the changes suggested were not sufficient to protect against this
vulnerability.
Microsoft created a fix for ASP.NET which has since been released.
Frequently
Asked Questions about the patch are available in Scott
Guthrie’s blog. We strongly encourage all members of the DotNetNuke community
to install the ASP.NET patch immediately to close this vulnerability.
We understand from Microsoft that weaponized exploit tools will
be broadly available soon that are designed to exploit this vulnerability. If you are using ASP.NET, it is
imperative that you install the Microsoft patch immediately.
The Microsoft recommended changes we forwarded previously are
not sufficient. The only way to effectively protect your servers is to install the Microsoft patch as soon as possible.
The patch is available through Windows Update (WU) and Windows Server Update
Services (WSUS) which make it easier to identify all the appropriate patches
for your installation.
Best regards,
The DotNetNuke Corp.
Team