Microsoft Security Advisory MS01-026 - Three new vulnerabilities have been found in Microsoft IIS 5.0. The first allows remote attackers to execute commands in the security context of the IUSR_machinename account. A vulnerability that could enable denial of service attacks against the FTP service due to wildcard expansion has also been patched. Finally, a vulnerability that could make it easier for an attacker to find Guest accounts that had been inadvertently exposed via FTP. If an attacker preceded an account name with a particular set of characters, the FTP service would search the domain, and all trusted domains, for the user account. Microsoft FAQ on these issues available here.
d77ab68c2a8150465e70f464962e49e04844999e9c5b8e255fb11f56de603c88