Microsoft ASP.NET out of band release and SharePoint
A common question we’ve been getting in the Office space is related to SharePoint and the recently announced ASP.NET vulnerability. It is possible to expose the issue through SharePoint, but the core issue lies within the .NET framework. There will be no SharePoint update for this bulletin, but it is recommended that you install the update for the .NET framework in your environment.
A list of the affected .NET versions along with the corresponding downloads can be found within the bulletin MS10-070.