seems anything they have access to and anything they host could be affected.
The short its IIS
the source:
http://news.cnet.com/8301-13860_3-10244294-56.html?tag=newsEditorsPicksArea.0Part of the story
A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.
In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)."
The company said that a flaw exists in a certain type of Web serving operation.
"An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests," Microsoft said. "An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."
