Microsoft has released a Hotix Checking Tool for IIS 5.0.
Download it from http://www.microsoft.com/technet/security/tools.asp.
"This tool enables IIS 5.0 administrators to to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft web site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, it can display or dialogue or write a warning to the event log."