7. October 2010 19:48
by clinton
After running MS's latest hotfix - KB2416471 - as Scott Guthrie posted about for the security flaw in ASP.NET, just about all of our test sites on the shared hosting server seemed to fall over.
Although, only for a few users. Quite strange, but as we dug deeper it started making sense.
It seems that any encrypted data (encrypted using MachineKeySection.EncryptOrDecryptData()) that was stored before the patch was run will now fail to decrypt after the install! So users who have visited your site and have an encrypted cookie will be greeted with a yellow screen of death - or your custom error page. The error is 'Unable to Validate', along with some error lines referring to the encryption stack.
Unfortunately, until you manage to force existing visitors to recreate their cookies or otherwise handle the encryption issue, the only way to solve it is to roll back the hotfix.
Good Luck.
Update:
Hotfix rollback doesn't work! At least for me; let me know if anyone's did. And FYI, Sitecore and Kentico use forms authentication... and so does just about any website in the world. Can't believe MS let this slip through an automatic update, live servers hit everywhere. Fallout will be massive, IMHO. A current workaround is to put up a hotfix that will catch any 'Unable to Validate' error and treat the user as anonymous.
Watch this space for updates and possible workarounds.
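
One way to implement the "catch the error and treat the user as anonymous" workaround in `Global.asax.cs`, as an added example that is not code from the original post. It assumes the site's encrypted cookie is named `SiteData` (a placeholder), that it was issued with the default path and domain, and that the server returns English exception messages.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: placeholder name for the site's own encrypted cookie.
    private const string EncryptedCookieName = "SiteData";

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception error = Server.GetLastError();

        // Only act when the failure is a decryption/validation error AND the
        // request actually carried the cookie. The second check also stops a
        // redirect loop if the error has some other cause.
        if (!IsDecryptFailure(error) || Request.Cookies[EncryptedCookieName] == null)
        {
            return; // leave unrelated errors to the normal error page
        }

        // Expire the pre-patch cookie so the browser stops sending it.
        var expired = new HttpCookie(EncryptedCookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true
        };

        Server.ClearError();
        Response.Cookies.Add(expired);

        // Every decryption failure gets the same response: back to the
        // application root as an anonymous visitor, with no error detail.
        Response.Redirect("~/", false);
    }

    private static bool IsDecryptFailure(Exception error)
    {
        // The failure is often wrapped, so walk the InnerException chain.
        for (Exception ex = error; ex != null; ex = ex.InnerException)
        {
            if (ex is CryptographicException) return true;
            if (ex is HttpException &&
                ex.Message.IndexOf("Unable to validate", StringComparison.OrdinalIgnoreCase) >= 0)
                return true;
        }
        return false;
    }
}
```

Log the original exception before `Server.ClearError()` if you need to count how many visitors still hold pre-patch cookies.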