Microsoft is investigating a newly reported flaw that could put websites at risk of attack. The company has issued an advisory on the vulnerability, which affects Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows Server 2008. The problem exists in Windows" handling of code within its Internet Information Services (IIS) and SQL Server.
If exploited, the vulnerability could allow a user to elevate access privileges to that of the LocalSystem administration tool. Microsoft warned that companies that make extensive use of user-provided code, such as site hosts, are especially vulnerable.