We have recently received the report from Trustwave, which is the organisation that performs security checks for the Credit card PDQ machine.
The below is the report which fails on iis 7.5. It gives links to the Microsoft website to download the appropriate patches but unfortunately i am unable to apply any of the updates on the Small Business Server 2011 as it states ' The update is not applicable to you computer'.
I have tried Windows 2008 x64, i386, Windows 2008 R2 x64, i386, which all return the same error.
The server is fully patched and up to date via Windows Updates and MSBPA.
Any ideas as to how to apply patches manually or patch the vulnerabilities?
Several security updates have been released to address security
vulnerabilities in this version of IIS. Although this installation was
detected as version 7.5, the presence or absence of several
specific updates could not be determined.
This finding is based on version information which may not have
been updated by previously installed patches (e.g., Red Hat "back
ports"). Please submit a "Patched Service" dispute in TrustKeeper
if this vulnerability has already been patched.
CVE: CVE-2010-1256, CVE-2010-1899, CVE-2010-2730,
NVD: CVE-2010-1256, CVE-2010-1899, CVE-2010-2730,
Match: equals '7.5'
Ensure that all security updates available for this version of IIS