This morning Microsoft has released a security update that addresses the ASP.NET Security Vulnerability. The PHP applications running on IIS are subject to this vulnerability if ASP.NET is enabled in IIS.
IMPORTANT: Even if PHP applications on IIS do not use any of the ASP.NET features the vulnerability still exists as long as ASP.NET is enabled. It is recommended to install the security update as soon as possible.
Read the complete post here