Here is a link with information regarding the exploit.
http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
http://stevesmithblog.com/blog/asp-net-custom-errors-security-flaw///You Tube video, you should check out!
http://tinyurl.com/2b7rnae
http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/
//Sharepoint
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx
//Custom Errors including new attribute in .NET 3.5 sp1
http://msdn.microsoft.com/en-us/library/h0hfz6fc(VS.90).aspx
//Search engine friendly custom error handling in .NET 3.5 sp1
http://blog.turlov.com/2009/01/search-engine-friendly-error-handling.html
Steve Schofield
Microsoft MVP – IIS