A new remotely-exploitable vulnerability has been found in the Microsoft IIS 6.0 Web server. The flaw is similar to one discovered eight years ago in earlier versions of IIS. Exploitation of the flaw could enable an attacker to upload content to the vulnerable server. There is no patch available for this vulnerability, so experts at the SANS Internet Storm Center are recommending that people disable WebDAV in the interim. Microsoft s Security Response Center is investigating the vulnerability and is in the process of putting together an advisory on it.
Source: https://threatpost.com/serious-new-flaw-found-iis-60-051809/72672/