http://msmvps.com/blogs/ehlo/archive/2009/05/22/1692927.aspxMicrosoft released recently Security Advisory 971492 , which alerts for a vulnerability in Internet Information Services (IIS) 6.0, 5.1 and 5.0 (7.0 is not affected), that can allow elevation of privilege. The vulnerability only occurs when WebDAV isenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/ehlo/archive/2009/05/22/1692927.aspx#1692995Sat, 23 May 2009 03:29:11 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1692995bradley<p>Question: Is Outlook Web Access (OWA) vulnerable to the authentication bypass?</p> <p>Answer: No, OWA is not vulnerable to this vulnerability. Exchange 2007 and earlier supported the WebDAV protocol but they did so with an Exchange implementation of WebDAV which only reads/write to/from the Exchange store. It does not interact with the filesystem directly.</p> <p><a rel="nofollow" target="_new" href="http://blogs.technet.com/srd/archive/2009/05/20/answers-to-the-iis-webdav-authentication-bypass-questions.aspx">blogs.technet.com/.../answers-to-the-iis-webdav-authentication-bypass-questions.aspx</a></p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1692995" width="1" height="1">