January 2012 Blog Posts

Vulnerability in AntiXSS Library Could Allow Information Disclosure

Today sees the release of AntiXSS v4.2 to address MS12-007. As AntiXSS is a developer tool, developers need to download the latest version, test it, then redeploy the web sites that use the library. The NuGet package has also been updated; if you’ve added AntiXSS via NuGet you’ll need to update the package. It is recommended that you test and apply the new version as soon as possible. The vulnerability only affects the HTML sanitizer. The sanitizer has been changed to remove all CSS it encounters; this new behaviour means that if you were expecting CSS formatting...

posted @ Tuesday, January 10, 2012 10:08 AM | Feedback (3)