In June of this year, we released a beta version of UrlScan 3.0, which can help mitigate SQL injection attacks. Today, we’re happy to announce the final release of UrlScan 3.0 for Internet Information Services (IIS).
UrlScan 3.0 is a security tool that restricts the types of HTTP requests that IIS will process. By blocking specific HTTP requests, the UrlScan 3.0 security tool helps to prevent potentially harmful requests from reaching applications on the server. UrlScan 3.0 is an update to UrlScan 2.5 and requires IIS 5.1 or later, including the latest IIS 7.0 on Windows Server 2008.
Source : blogs.technet.com/windowsserver