According to Microsoft, the vulnerability in the Microsoft .NET Framework component of Windows can be exploited when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Windows. This could expose affected servers to DDoS attacks.
"An attacker could create specially crafted anonymous HTTP requests that could cause the affected web server to become non-responsive until the associated application pool is restarted", said a security posting from the software giant.
The good news, Infosecurity notes, is that customers who are running IIS 7.0 application pools in classic mode are not affected by this potential DDoS security vulnerability.
Microsoft is recommending that users enable the auto-update option on Windows, which will download the required patch.