The interesting take-away is the .sys suffix on the filename: Yes, Windows contains a device driver running in Kernel mode that cares about (IIS) HTTP traffic.
You know how $YOU need to pick a web server, and so you start reading about them, and you find a site that has posted some microbenchmark about serving a hundred byte static file or something, and $SERVER1 can do 106,000 per second and $SERVER2 can do 107,000 per second, so $YOU go with $SERVER2 without asking any more questions?
Yeah... that does nasty things to these server's architecture... "Performance at all costs" eventually strays into taking down the barriers built to protect the system, but at the inevitable cost of slowing things down as things go through the barriers.
HTTP.sys feeds directly into the IIS Request Queue. When that queue overruns, (i.e. too many pending requests that are waiting on a backend NAS or other resource) it's HTTP.sys providing the 503 error, not IIS.
Yup, that's not that special though. All major OS have the TCP/IP stack in the kernel. And many (but not all) OS have at least parts of their GUI stacks in the kernel.
MS actually moved the GUI stack into the kernel around NT 4. Used to be (so legend has it) if the video driver crashed on earlier versions of NT, you could restart it, and the system didn't go down. But, you know, PERFORMANCE!!1. Win.
