Update for WebDAV vulnerability on IIS 5.x and IIS 6
We now have a security update available to address the WebDAV extension vulnerability reported earlier. All customers affected should apply the update even if they have mitigated the issue through a workaround.
The background here is that we had an encoding vulnerability in the WebDAV extension for IIS 5.x and IIS 6 that was publicly disclosed by a party and responsibly disclosed by someone else. Immediately following the public disclosure, we released an advisory detailing the issue and workarounds. We then accelerated our release of the fix that is now out this patch Tuesday.