I have posted some links to various security patches for IIS. Coldfusion, JSP, ASP, Tomcat, and various other servers ride 'piggyback' on IIS-thus are vulnerable to IIS security holes.

Even if you are running IIS/ PWS on your local machine (not serving up pages, just running the web service) and are connected to the internet-you are still at risk.

thanks doc! (i'm actually using the lockdown tool on test server now) do you have any info for the apache services?

thanks!
chris<pixelmonkey>:monkey:

I haven't gotten by the Apache sources since I run a coldfusion server, riding on IIS.

I just happen to get a lot of virus info for IIS through my company connections.