There is exploit code circulating for a newly discovered vulnerability in the FTP service of Microsoft IIS. The flaw could enable an attacker to run his own code on a remote server. The vulnerability mainly affects older versions of IIS, Microsoft s Web server product, but the existence of a working exploit makes the vulnerability a serious concern. The exploit code for the IIS flaw was posted to the Milw0rm site on Monday, and US-CERT published an advisory on the vulnerability later in the day, recommending that administrators disable anonymous write access to vulnerable servers.
Source: https://threatpost.com/exploit-code-published-new-microsoft-iis-ftp-flaw-090109/73027/