The Register: "The cumulative patch includes the functionality of all security patches released to
date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT 4.0 Service
Microsoft has promised that the cumulative patch eliminates the "side effects" of the
previous IIS cumulative patch, which have led some admins to defer the installation
of the fix even while the FBI warned the Russian Mafia was exploiting flaws with IIS
to raid online banks.
Apparently it took the outbreak of Code Red for Microsoft to take anything
approaching decisive in making its easier for admins to guard against the many
flaws on IIS."