IIS Could Expose ASP Code
According to Microsoft Security Bulletin MS00-019, there is a possibility that if you map a virtual directory to a Uniform Naming Convention (UNC) share and certain characters are included at the end of the browser's request, IIS could fail to process the Active Server Pages (ASP) and potentially return the original ASP code to the browser. Click here for more information about this potential vulnerability and a patch to correct it.

Old Microsoft Index Server Vulnerability Revisited
Microsoft raised the warning flags again about two old Index Server vulnerabilities that let malicious users view files on a Web server. Microsoft first discovered the vulnerability in January; however, it has updated the bulletin several times since its original release as the company has discovered new variants. A second, related vulnerability lets malicious users learn the locations of Web directories on a Web server. Click here for more information and a patch for both vulnerabilities.