CNET: "The flaw occurs in a component of Microsoft's Internet Information Service (IIS) software that is
installed on Web servers by default, said Marc Maiffret, chief hacking officer with eEye Digital
Security, the company that found the flaw.
"Pretty much any Web server (using Microsoft software) is basically left vulnerable to attack," he
said. "Any hacker can basically get system-level access, which is the highest level of access on
the computer," by using a program that exploits the problem."