Here is a good one: Microsoft Baseline Security Analyzer V1.2

Download it from: http://www.microsoft.com/technet/security/...s/mbsahome.mspx

It shows you some really crucial aspects of your server and how it can be compromised and/or exploited. Oftentimes a server will be missing something (as far as hotfixes go), and that allows malicious attackers through.