TRACK is an HTTP verb that tells IIS to return the full request back to the client. It is Microsoft’s implementation and it is similar to TRACE verb which is RFC complaint.
Vulnerability scan tools may raise a flag if HTTP TRACK and TRACE verbs are enabled in your server. The reason behind is that attackers capture client cookies by asking web servers to return full requests.
An example text from a vulnerability scan tool in regards to the usage of this verb:
The HTTP TRACK method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACK request and capture the client’s cookies. This effectively results in a Cross-Site Scripting attack.