HFCHECK.WSF consults an XML file, either hosted on the Microsoft site or downloaded to the local machine, for the list of hotfixes available for IIS, then compares this list to the hotfixes installed on the local system. If a hotfix is missing, the tool calls the Notify function in NOTIFY.JS. The current implementation of Notify reports an error on the command line and writes a warning message to the Application event log, but it can be customized to perform other actions, such as stopping the server or sending an e-mail to the administrator. Notify lives in its own file (NOTIFY.JS) so that you can easily rewrite it for your own needs.
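The check-and-notify flow described above, as an added example that is not code from HFCHECK.WSF or NOTIFY.JS. It is plain JavaScript rather than a Windows Script Host file, and the XML layout, hotfix IDs, function names and the `actions` callbacks are all assumptions made for illustration.

```javascript
// Constructed sample list. Element and attribute names are placeholders,
// not the schema of the XML file that Microsoft publishes.
const SAMPLE_LIST = `
<hotfixes>
  <hotfix id="Q000001" product="IIS 5.0" title="Constructed fix A"/>
  <hotfix id="Q000002" product="IIS 5.0" title="Constructed fix B"/>
  <hotfix id="Q000003" product="IIS 4.0" title="Constructed fix C"/>
</hotfixes>`;

// Parse the constructed format above into [{id, product, title}, ...].
function parseHotfixList(xml) {
  const entries = [];
  for (const tag of xml.matchAll(/<hotfix\s+([^>]*?)\/>/g)) {
    const attrs = {};
    for (const a of tag[1].matchAll(/(\w+)="([^"]*)"/g)) attrs[a[1]] = a[2];
    if (attrs.id && attrs.product) entries.push(attrs);
  }
  return entries;
}

// Hotfixes published for `product` that are absent from the installed set.
// IDs are compared case-insensitively.
function findMissing(available, installedIds, product) {
  const installed = new Set(installedIds.map((id) => id.toUpperCase()));
  return available.filter(
    (h) => h.product === product && !installed.has(h.id.toUpperCase())
  );
}

// Replaceable notification hook (hypothetical signature). Always logs a
// missing fix; mails the administrator and stops the server only when the
// caller's policy supplies those callbacks and the threshold is reached.
function notify(missing, actions, stopThreshold = Infinity) {
  const taken = [];
  if (missing.length === 0) return taken;
  const msg = `Missing IIS hotfixes: ${missing.map((h) => h.id).join(', ')}`;
  actions.log(msg);
  taken.push('log');
  if (actions.mail) { actions.mail(msg); taken.push('mail'); }
  if (actions.stop && missing.length >= stopThreshold) {
    actions.stop();
    taken.push('stop');
  }
  return taken;
}

// Example run: only Q000001 is installed on a constructed IIS 5.0 host.
const missing = findMissing(parseHotfixList(SAMPLE_LIST), ['q000001'], 'IIS 5.0');
notify(missing, { log: (m) => console.log(m) });
```

Keeping the side effects behind `actions` mirrors the reason Notify sits in its own file: the comparison logic stays fixed while each site decides how loudly a missing hotfix should be reported.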
Microsoft is clearly beginning to respond to the continuing exploits of IIS. They have now released an IIS Lockdown tool that lets you configure an IIS 4.0 or 5.0 web server for secure operation. It provides two modes:
- an express mode that is appropriate for most basic web servers
- an advanced mode that allows the administrator to pick and choose the technologies the server will support