There are a number of exploits against various IIS mappings. Most IIS websites do not use MOST of the IIS Mappings. It is strongly recommended that you remove all unused App Mappings.
You should ask your web development team which Mappings (e.g. .asp, .pl, etc.)
are being used by your website(s), and then remove ALL mappings that are not being moved.
To remove App Mappings:
1.) Click on "Start" -> "Programs" -> "Administrative Tools" -> "Internet Services Manager".
2.) Right click on the first node in the left pane, right click on it, and then click on "Properties" as shown in the figure. Note that this node will display your machine name.
3.) Make sure the "WWW Service" is selected, and click on the "Edit..." button.
4.) Click on the "Home Directory" tab, and then click on the "Configuration"
5.) One by one, click on the Application Mappings you are NOT using, and
then click on the "Remove" button.
6.) Click on the "OK" button (twice).