Description: This event is generated when an attempt is made to exploit a potential weakness on a host running Microsoft Internet Information Server (IIS).
Impact: Information gathering possible administrator access.
Corrective: Check the IIS implementation on the host. Ensure all measures have been taken to deny access to sensitive files. Ensure that the IIS implementation is fully patched. Ensure that the underlying operating system is fully patched. Employ strategies to harden the IIS implementation and operating system. Check the host for signs of compromise.