More Attack Surface Reduction in IIS7

As y’all know, the attack surface of IIS6 is low because: It’s not installed by default When you do install it, it serves up static files only All user interaction is handled by a low-privilege process But there is still quite a bit of code installed, for example authentication code, which could have vulnerabilities. So the…

4