Microsoft has confirmed the reported vulnerability in the WebDAV implementation in IIS 5.0, 5.1 and 6.0. The flaw could be used to bypass the authentication mechanism on the Web server. However, the company said that there are a number of mitigating factors involved and that company security officials have not seen any attacks against the weakness so far. Microsoft officials said that the vulnerability is mitigated by several things, including the fact that WebDAv is not enabled by default on IIS.
Source: https://threatpost.com/microsoft-confirms-flaw-webdav-iis-051909/72674/