Microsoft IIS WebDAV vulnerability surfaced last week and has yet to be patched by Microsoft. Steve Friedl of Unixwiz.net has taken the time to make some sense of it all. His key piece of advice is, if you re not sure whether your servers are at risk, find an expert who can test your machines and give you a definitive answer. Most systems are likely not vulnerable, but unless the flowchart below leads to You are not vulnerable , we strongly recommend seeking local expertise to help assess your situation properly.
Source: https://threatpost.com/guide-iis-webdav-vulnerability-052809/72745/