(MBSA 1.2.1 was released in the middle on August 2004 and replaces MBSA 1.2)
MBSA Version 1.2.1 is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy. MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems.
MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL Server, Internet Explorer, Office, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine, Commerce Server, Content Management Server, BizTalk Server, Host Integration Server.
MBSA 1.2.1 includes all the great scanning abilities of 1.2 and adds these additional features:
Localization:
Additional Product Support:
Alternate File Version Support (allows multiple sets of file details to be checked in security updates scan)
Additional Configuration Checks:
Download MBSA v1.2.1 HERE (1.6mb)
The following list describes the system requirements to scan a local computer:
The following list describes the system requirements for a computer that is running the tool and scanning remote computers:
Note: The IIS 6.0 Common Files are required on the local machine when you remotely scan an IIS 6.0 server.
The following list describes the system requirements for the computer you want to scan remotely by using the tool:
Users who perform the scan must have local administrative credentials on each computer that they want to scan, regardless whether they perform a local scan or a remote scan.
Note: For remote scans, the administrative shares must be enabled on the scanned computer for MBSA to successfully connect and perform the scan.
You must have Internet access to download the Mssecure.cab file from the Microsoft Download Center. Mssecure.cab is used for the security updates scan. If a previous copy of the Mssecure.cab file was downloaded during a prior scan, MBSA will try to use the locally cached copy if an Internet connection is not detected.
Download the Latest Mssecure.cab
XML parsers have shipped in Internet Explorer 5.01 and later. However, Microsoft recommends that you use the latest version of Internet Explorer and the latest version of the MSXML parser.
Download MSXML 4.0 Service Pack 2 (Microsoft XML Core Services) (5.2mb)
Scan Reports
Scan reports are stored on the computer where the tool is installed in the %userprofile%’SecurityScans folder. An individual security report is created for each computer that is scanned (locally and remotely). Users must use Windows Explorer to rename or delete scans that are created by the tool in this folder.
Security Updates Scan
By default, a security update scan that you carry out from the MBSA GUI or from Mbsacli.exe scans and reports missing updates that Windows Update marks as critical security updates (also known as baseline critical security updates). When you carry out a security update scan from Mbsacli.exe by using the /hf switch, all security-related security updates are scanned and reported on. A user who runs an HFNetChk-style scan must use the -b option to scan only for Windows Update critical security updates.
Password Checks
The password checks can add a lot of time to a scan, depending on the computer role and the number of user accounts on the computer. Additionally, attempts to check individual accounts for weak passwords can add Security log entries (logon or logoff events) if auditing is enabled on the computer. MBSA resets any account lockout policies that are detected on the computer so that no individual user accounts are locked out during the password check. This check is not performed on domain controllers.
If you do not select this option before you scan a computer, both the local Windows and SQL account password checks will not be performed.
IIS Checks
The IIS 6.0 Common Files are required on the local machine that is used to remotely scan an IIS 6.0 server. The IIS 6.0 Common Files can be used to also scan earlier versions of IIS machines (for example, IIS 5.0). However, the IIS 5.0 Common Files cannot be used to remotely connect to and scan a computer that is running IIS 6.0.
SQL Server Checks
The tool checks for vulnerabilities on each instance of SQL Server that it finds on the computer. It performs all the individual SQL checks on each instance.
Localized Windows Builds
MBSA version 1.2.1 can scan English, German, French, and Japanese localized versions of the Windows operating system. This support includes the ability to download localized versions of the Mssecure.xml file from Microsoft. Checksum checks will not be performed when you scan a non-English computer for missing security updates without the associated localized Mssecure.xml file.
(Screenshot of the opening screen)
(Multiple computer scanning option)
After the scanning is complete you’ll get a summery of all the issues that where scanned and their status.
(Screenshot of a sample scan report)
Every scanned issue has 2 or 3 options you can work with. One is to see what was scanned. The second is to see the scan results, and the third is a page that will help you fix the problems (if there were any).
(Screenshot of sample result details)
Download MBSA v1.2.1 HERE (1.6mb)
Microsoft Security Baseline Analyzer
Microsoft Baseline Security Analyzer (MBSA) Version 1.2.1 Is Available – 320454 (Details on new features, scanning options, and bug fixes in V1.2.1)
Microsoft Baseline Security Analyzer (MBSA) Q&A
White Paper: Microsoft Baseline Security Analyzer V1.2.1
How to script MBSA V1.2.1 including sample roll-up scripts