Shibboleth has released an updated version of the "modern" module for Microsoft IIS V7+ which corrects a denial of service vulnerability.

IIS module fails to trap exceptions raised by network socket failures
This issue is specific to the newer IIS module and does not impact the older ISAPI filter/extension or the Apache modules or any other SP integration variants.

Recommendations

• Update to V3.1.0.2 or later of the Windows installation package.  
  
  
  To view the full Security Advisory, go to: https://shibboleth.net/community/advisories/secadv_20200831.txt