Microsoft has published exploit code for a serious code execution vulnerability in IIS 5.0, 5.1, and 6.0. The vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet. A security advisory from Redmond warned that the vulnerability could be dangerous. See workaround information on the SR&D blog on the advisory’s SR &D blog. Read the advisory from Microsoft.com: Vulnerability is a serious problem in the File Transfer Protocol Service in Microsoft Internet Information Services (IIS)
Source: https://threatpost.com/microsoft-confirms-iis-ftp-zero-day-flaw-090109/72240/