Authors: Michael Howard, Richard Waymire, Marc Levy
Publisher: Microsoft Press, July 2000
As a best practice, Microsoft recommends installing the latest service pack and security updates for IIS, as well as any other components running on the web server. Although many customers utilize the online Security Bulletin Search as a reference for what hotfixes to apply for a given Product and Service Pack choice, the information provided by that tool does not take into account cumulative rollups (it shows all updates released after the specified Service Pack). For that reason, we recommend that customers who deploy IIS use the Microsoft Baseline Security Analyzer (MBSA) to identify security risks.
For more information about the MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
The IIS Lockdown Wizard provides a "wizard" interface to configure many security recommendations. Both the IIS Lockdown Wizard and UrlScan, an ISAPI filter that can be used to block malicious web requests, are part of the Microsoft Security Toolkit that can be obtained from the following location: For more information about UrlScan, click the following article number to view the article in the Microsoft Knowledge Base:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Artikelnummer: 282060 – Letzte Überarbeitung: 03.02.2011 – Revision: 1