Microsoft concluded an investigation into a potential IIS 6.0 flaw that researchers said may lead to a denial of service attack and which researchers said "definitely" allows attackers to access special DOS devices (COM1 in this case).
The verdict: <A HREF="http://www.eweek.com/article2/0,1759,2136244,00.asp?kc=EWRSS03119TX1K0000594">The claims are wrong,</A> the public proof of concept code doesn't take advantage of an IIS 6.0 vulnerability, and the code in question, although it claims to use IIS 6.0, actually uses ASP.NET.