I&#039ve read the articles about it many times from many sites. But I haven&#039t found a step by step guide about how to patch it. I have already patch my web server with the file I d/l from Microsoft, but is that enough? I found a site that can steal your ASP code just by typing the URL and it will retrieve the code from that URL (if the web server haven&#039t been patched yet). I have already tested it to my URL, the code cannot be shown, but it still show the HTML output. I tried other URLs that have been patched (including this site ;^)), and it even didn&#039t produce HTML output, only a message that inform the page has already been patched. What else do I need to perfectly close that IIS hole ?<BR>Thanks a lot