One of my monthly tasks, is to apply any needed patches to the server farm in my company. Before I roll them out to the live environment, I always test them on a few disposable machines first. Amongst the deluge of patches released by Microsoft last week, was one for the asp.net path validation vulnerability, but I found after applying it, all my asp.net sites stopped working. A bit of googling, and it seems I'm not the only one. Scott Hanselman had the answer and a link to a post to fix. The problem only occurs when your IIS Local path text ends with a trailing slash, so it's one to check for before applying this patch.