IIS Microsoft DDOS windows security flaw

New IIS security flaw

    April 14, 2015, Microsoft announced a critical vulnerability for IIS in the MS15-034 bulletin. The latter is referenced under code CVE-2015-1635.

    That allows?

    The flaw would allow an attacker to run arbitrary code in the context of the system account. It would also allow a denial of service attack.

    Since when does it exist?