Microsoft Windows Knowledge Base Article 970483 update is not installed (WinMs09kb970483Update)

Vuln ID: 50768
Risk Level: High risk vulnerability
Platforms: Microsoft IIS: 6.0, Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2 Professional, Microsoft Windows XP: SP2, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Internet Information Server: 5.0, Microsoft Internet Information Server: 5.1, Microsoft Windows XP: SP3, Microsoft Windows XP: SP3 Professional
Description:

Microsoft Knowledge Base Article 970483 is not installed, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft Internet Information Services (IIS) could allow a remote attacker to bypass security restrictions, caused by the improper handling of WebDAV requests for directories requiring authentication. By sending a specially crafted HTTP request to a WebDAV-enabled IIS server, a remote attacker could exploit this vulnerability to bypass security restrictions and download protected files.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-020. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-020
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx

IBM Internet Security Systems X-Force Database
Microsoft Internet Information Services (IIS) WebDAV security bypass
http://xforce.iss.net/xforce/xfdb/50573

ISS X-Force
Microsoft Windows Knowledge Base Article 970483 update is not installed
http://www.iss.net/security_center/static/50768.php

CVE
CVE-2009-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1122

CVE
CVE-2009-1535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535

