I came across this article today on Dark Reading. Anybody else read this? I'm thinking of downloading the free configuration tool mentioned but wanted to see if anybody else has tried it.

http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/232602900/simple-settings-that-could-curtail-some-attacks.html

It's very interesting article :

"Organizations, especially those without the security resources to keep on top of these basic hygiene configurations, often leave themselves exposed as they struggle to keep track of the configurations. Even some large companies forget the little things or are so overwhelmed with volume that they miss them. "These little things -- not letting users download .exe files, or [not] using proxies for filtering, that don't impact the business in any way" basically raise the bar for the attacker, says Marc Maiffret, CTO and co-founder of eEye Digital Security.

So Maiffret says eEye later this week will roll out a free tool that runs a quick "health-check" on some key and simple-to-fix configuration best practices that can help shrink the attack surface. The so-called In Configuration We Trust Tool isn't meant to replace a vulnerability assessment, penetration test, or proper patch management programs, but instead to take the pulse of some of the basic protective steps in configuring a safer environment, Maiffret says.

The tool checks for 10 basic things you can do to properly configure your environment: use digitally signed running processes; use digitally signed DLLHost Services and egress port filtering; disable Microsoft Office converters; update Windows operating system with the latest releases; update Microsoft Office with the latest releases; remove administrative privileges from end user accounts; disable WebDAV; block direct downloads of executable files; and push egress traffic through a Web proxy. "