The main IIS flaw - details of which were posted to the web last Monday - allowed hackers to gain remote access to an IIS 5.0 server environment.
Microsoft issued a patch for the problem last Thursday, noting that the potential flaw - which affects IIS 5.0, 5.1, 6,0 and 7.0 - allows hackers to generate distributed denial of service (DDoS) attacks on the systems, providing they are running an FTP service.
At the time, Microsoft has said the IIS problem was low risk and it had not seen incidents involving the coding flaw in the wild.
Over the weekend, following reports in the media, Microsoft changed its posting to say it was now seeing "limited attacks that use this exploit code".
"Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary", said the advisory on the Microsoft website.
Reports suggest that, although tomorrow is `Patch Tuesday,' Microsoft may not have had time to issue a complete workaround for the IIS flaw, which unconfirmed reports suggest has been modified by other hackers to attack a wide range of systems.
In its blog posting, Microsoft blamed the attacks in the wild on the fact that the original ISS vulnerabilities were published on the internet before the firm had a chance to work on a fix.
"We continue to encourage responsible disclosure of vulnerabilities", said the company in its blog posting.
"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
"This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."