Hewlett-Packard Development CO LP (HP) has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: Requiring authentication by modifying the session.conf file is not a valid workaround for this vulnerability. The vulnerability occurs during the parsing of requests, before any authentication checks.
However, it is possible to use the IIS configuration manager to require authentication in order to execute the ovlaunch CGI. Additionally, the IIS configuration manager can be used to limit connections by IP address.