A security researcher from nCircle is accusing Microsoft of gamesmanship in its description of an unpatched IIS vulnerability in the way the WebDAV extension decodes a requested URL. The end result is that a successful exploit would allow a hacker to bypass authentication and gain unauthorized access to resources. The bug should be called what it is an access control breach or an authentication bypass, the researcher says. The researcher says Microsoft has classified this issue two different ways in two different places.
Source: https://threatpost.com/microsoft-accused-downplaying-iis-flaw-052009/72754/