From Microsoft’s warning is not clear what the vulnerability is, but you can see that this is critical, and the vulnerability must be patched, especially on public facing Windows IIS Servers:
…A remote code execution vulnerability exists in the HTTP