Microsoft is investigating reports of a new zero-day vulnerability in its IIS Web server software. The flaw is a problem mainly on servers that are poorly configured, Microsoft says. The vulnerability exists in versions 6.0 and earlier of IIS, according to an advisory published by researcher Soroush Dalili. Microsoft s next scheduled monthly patch release is about two weeks away, and it could have a patch ready by then if the company deems the vulnerability serious enough to warrant a quick patch release.
Source: https://threatpost.com/microsoft-investigating-new-iis-zero-day-122809/73303/