Re: Don't like IIS?
Lee
Overall, I agree with you. However, I am uncertain about the emphasis in: "Heartbleed etc. is an information disclosure attack. It doesn't crash your servers." For me, information disclosure is probably the biggest risk I have.
Naive question: does this vulnerability only allow the attacker to crash servers? Or does it enable elevated privileges or other compromises to the target?
Rgds