This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege. Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.
At this time, we are not aware of any known attacks that attempt to use this vulnerability.
For more information see Microsoft Security Advisory 971492.
J.C. Hornbeck | Manageability Knowledge Engineer