Since this discussion is already taking so much bandwidth, here's a quote
from a recent MS security mailing that you may find useful:
"Administrators who have followed IIS best practices would not be
vulnerable to this kind of attack. Best Practices for IIS4 and IIS5,
including lockdown tools and a hotfix checker, can be found at the
following URLs:
IIS4 Best Practices:
http://www.microsoft.com/technet/security/iischk.asp
IIS5 Best Practices:
http://www.microsoft.com/technet/security/iis5chk.asp
IIS5 Lockdown Tool:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19889
IIS5 Hotfix Checker Tool:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168"
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
