FYI - Microsoft comments on the IIS 5.0-6.0 FTP security vulnerabilities.
- Microsoft has officially responded to the recent 0-day FTP security issues on IIS 5.0, 5.1, and 6.0. They are working on patches for it. It's bad, but not as bad as it could be.
Special attention to the FAQ and Mitigating Factors sections. Looks like anonymous write access is needed for successful remote exploitation by a non-authenticated user.