Microsoft has released a barrage of hot fixes for IIS over the last few months. Keeping up with them has become nearly a full time job. However, Microsoft has released a tool that simplifies the task of maintaining your Web server with the latest security fixes and software patches -- HFNETCHK.
The HFNETCHK or Hot Fix Network Checker tool can be used to scan a local or remote IIS Web server host for the presence or absence of Service Packs and hot fixes. When launched, HFNETCHK automatically contacts the Microsoft Web site and downloads the latest hotfix information database. Then, this database is used to verify whether or not the appropriate patches have been applied to the OS (Windows NT, 2000, XP), IIS (4.0 and 5.0), IE (5.01 and later) and SQL Server (7.0 and 2000).
In just a few seconds, I was able to test our Web server to determine that we had overlooked a handful of important security hot-fixes -- a few of which I thought I had installed.
This is an excellent tool to set up as a batch script to run on a weekly basis. I'd suggest piping the output to a text file and then e-mailing it to your Web or system administrator. You should also run this tool right after applying a new patch to verify that it applied properly.
To download this tool and read more about it, please read Knowledge Base article
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
Related book Microsoft Windows 2000 Security Handbook
By Jeff Schmidt & Dave Bixler
This book covers NTFS fault tolerance, Kerberos authentication, Windows 2000 intruder detection and writing secure applications for Windows 2000. Author Jeff Schmidt has helped develop, and is a consultant for Microsoft on the code for security development of Windows 2000.
This was first published in February 2002