Java/Active X? (Score 1)

I'd think the security hole is the use of IIS, not Acive X/JScript. It's probably the most, and most easily hacked server software on the planet. If they are trusting security to NT/IIS I believe it is the sysadmins that deserve prison time. Remember, the only real security is made with scissors.