I would recommend doing some reading over here -> http://www.securityfocus.com/infocus/microsoft
Lots of good info about patching an IIS box from the start. Should cover all you're looking for. Also, on technet: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/current.asp you can search for what patches you need for IIS based on your OS/Service pack. -----Original Message----- From: Thad Horak [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 10:59 AM To: [EMAIL PROTECTED] Subject: MS Service Packs All, Has anyone had any luck decyphering what security fixes are include in what MS service packs. For example, if I apply SP3 to a W2K Server will this patch all security issues found for the base OS up until the release of SP3. What about IIS/SMTP/FTP, etc fixes. Do I need to install these Qfixes and rollups seperately? I've looked through the readme for the SP, but it's not that clear. Hoping someone on the list has tackled this and can shed some light. Many thanks. Thad --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------