Network Associates weekly report:
Microsoft has identified a security vulnerability in Microsoft® IIS 4.0 and 5.0
that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected against the vulnerability
and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so
to apply the patch immediately.

Patch is also provided to subscribed list of Microsoft® Tech Support:

Patch :
Date :