Everyone knows the security issues on IIS world even though it's been quiet for some time since the IIS 6.0 was released alone with Windows Server 2003. This is a very good article talking about how to secure your IIS server on Windows platform in proper way. Don't let the vulnerabilities to get you down.
Tips for Securing IIS