I've seen to notable differences in the behaviour of webresource.axd:
- The d parameter is now set to a value much longer than before, it seems it's 50 bytes longer
- Tampering with this parameter will not trigger a 500 server error and an entry in the application event log. A regular 404 error is returned to the browser, and nothing is logged in the event log.
Anyhow, it's time to go home from work. Unfortunately, my local time is quite far from PDT. Happy patching!