Microsoft recently released a patch for Microsoft IIS 4.0 and 5.0 servers that fixes a new variant of an old vulnerability. This vulnerability, which can occur only under rare conditions, lets attackers view files from the server for which Web users already have permissions and could potentially let users see an Active Server Pages (ASP) page's content. Users who have disabled HTR functionality aren't exposed to the new variant. For more information, including patch availability, go to Microsoft's Web site.