Thanks to D Horn for this
“A once-obscure Microsoft Web server security problem is back
with a vengeance, allowing crackers to easily pry open some of the
Web’s biggest sites.
“When the bug first surfaced last summer, it proved very
difficult to exploit. But a mere six lines of code released Monday
makes the problem much more pressing, security groups warned.
“At least 50 percent of the IIS sites we looked at are
infected,” said Greg Gonzalez, who discovered a new and
simpler way to exploit the hole.”