You could comment out the <add name="PageNotFoundHandler" in the 2 places it exists in Web.config and that will make 404 errors use the error page too.
However, I don't "think" that is really needed if all the other steps have been taken. I leave it up to you since it will impact user experience.
I think the extra step I took to make sure we don't return a 500 status for cryptography errors but a 404 instead combined with the random timing of the ErrorPage.aspx should protect us pretty well.
I'm actually packaging another release this morning to include the Microsoft workaround by default, and over the weekend I also implemented a new admin page "Security Advisor" to help identify a few common configuration issues that affect security and provide links to documentation about how to solve them. I'm trying to get the package ready to re-submit to the web app gallery asap.