Security hole in Windows NT 4 Server and Microsoft IIS allows any Internet user (IUSR_COMPUTER) to change any users password, including the administrator password. Root compromise. No fix yet.
b9bc1d482dfd500af3712ba8c0d5b923354b7d8747117294b47200c8a254dee8