Unpatched zero-day flaw in IIS 6.0 leaves users with limited options