Back at the end of December, I posted a note here about a newly-discovered vulnerability that affected a variety of Web service platforms, including PHP 5, Java, .NET, and Google’s v8. Microsoft released an out-of-schedule Security Bulletin [MS11-100] and patch to fix the vulnerability in its .NET software, on December 29, for all supported versions of Windows.
Now, the ThreatPost security news service from Kaspersky Labs reports that a proof-of-concept exploit of this vulnerability has been published on the “Full Disclosure” mailing list. (The SANS Internet Storm Center also has a diary entry on this.) If you have a Windows web server, and have not applied the MS11-100 patch, I recommend that you do so as soon as you can. Download links and more information are in the Security Bulletin, linked above.
Posted by Rich 
