Your Servers are at Risk!
If you are running applications on IIS 5 or 5.1 and have not run the IIS Lockdown tool and installed URLScan, you are just asking for trouble.
Please, for the sake of your clients, self, and company, be sure to at least do these simple steps to further secure your web servers. These things are so easy to do, you have no excuse.
While you're at it, check out the IIS 5 security checklist!