There’s been a lot of noise about the recent discovered vulnerability in ASP.NET.
This vulnerability can enable the attack to download critical files in your application such as web.config and others files, by exploiting details returned in the Sytem.Security.Cryptography.CryptographicException exception.
Scott Guthrie has published some posts regarding those issues here and here. These posts includes a brief explanation on how these attacks accord and how can you workaround them until Microsoft releases an update to fix those issues.
Basically, the workaround involves hiding exceptions from your users and using custom and friendly errors (which you should always use, regardless to this vulnerability).
It should be noticed that this vulnerability also effected SharePoint.