Microsoft’s out-of-support Internet Information Services web server software may be vulnerable to a newly revealed zero-day exploit. The exploit targets a buffer overflow within IIS 6, which shipped with Windows Server 2003. Microsoft stopped supporting the product in July 2015. Microsoft won’t patch the software and is advising users to move to newer versions of IIS. The vulnerability is dependent on a server having WebDAV enabled, which is an extension for HTTP. A simple fix is disabling the vulnerability eliminates the risk.”]
Source: https://www.cuinfosecurity.com/blogs/old-microsoft-iis-servers-vulnerable-to-zero-day-exploit-p-2437