IIS 5.0/Index Server Displays Directory Listings
SecuriTeam and @Stake Advisories have reported a potential problem with IIS 5.0 servers in which users might be able to trick Index Server into providing directory listings of files. Default IIS 5.0 installations exacerbate the issue by granting default permissions to the Index Server, which allows it to index the entire server. However, Index Server is not enabled by default, which limits the number of affected machines. The Microsoft article "IIS Search Method May Allow Unauthorized Users a Directory Listing of a Web Site" provides more information about this problem. Or you can click here to read the original advisory.
Looking for an Old Microsoft Security Bulletin?
If you've ever missed a bulletin or wanted to catch up, a resource archives Microsoft's Security Bulletins, patches, and security checklists. The archive also includes checklists and best practices for IIS 5.0 and IIS 4.0 installations.