Microsoft has released a beta version of UrlScan 3.0. UrlScan is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server. UrlScan can also be configured to help against SQL injection attacks.
Download UrlScan 3.0 beta:
Supported platform: Internet Information Services 5.1, 6.0 or 7.0
Steve Schofield has written some nice posts on his blog about SQL injections: