New remote execution vulnerability (CVE-2017-7269) was recorded in the National Vulnerability Database for Windows 2003 R2 IIS6 last week. Exploitation of this vulnerability allows a remote attacker to execute code on the vulnerable web server.
Thus, potentially allowing hackers to take over the whole system, install remote control systems and propagate within local network conducting local attacks. Results of the exploitation might be catastrophic for organizations. Microsoft will not provide a patch for this vulnerability, as OS is not officially supported.