微软在10月5日发布了What You Should Know About a Reported Vulnerability in Microsoft ASP.NET网页以提供针对此安全漏洞的对策。当前的对策主要是如KB887459所描述的那样在Global.asax或其Code-Behind中在Application_BeginRequest中增加检查
if (Request.Path.IndexOf(''''\\'''') >= 0 || System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) { throw new HttpException(404, "not found"); }
显然每个Application都需要有这样的检查以应对此安全漏洞。微软还会提供其他的对策,请关注What You Should Know About a Reported Vulnerability in Microsoft ASP.NET网页更新。