Because systems running .NET components as part of IIS are commonly exposed to the Internet or other publicly accessible networks, the source of potential attacks may be very large, increasing the chance of exploitation. However, only systems in certain configurations are affected, possibly making some sites immune to exploits.
If an exploit is successful, the IIS service may become unresponsive to further requests. However, the underlying operating system is unaffected, and still functions normally. Administrator intervention is required to restart the IIS service or application pool in order to restore proper functionality.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the August 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2009
The update available from Microsoft corrects this vulnerability by modifying ASP.NET request scheduling.