Microsoft has confirmed the reported vulnerability in the WebDAV implementation in IIS 5.0, 5.1 and 6.0, saying that the flaw could be used to bypass the authentication mechanism on the Web server.