How to Check for Missing Updates in Windows Server 2012 R2 and Windows 8.1
How can I find missing updates in Windows Server 2012 R2 and Windows 8.1?
Microsoft has updated the Baseline Security Analyzer (MBSA) to version 2.3, allowing IT administrators to scan networks for missing patches on Windows Server 2012 R2 and Windows 8.1.
While you can check for missing security updates on individual servers and PCs using Windows Update, the Microsoft Baseline Security Analyzer allows IT administrators to scan PCs and servers on a network for missing security updates, and vulnerabilities that might leave Windows exposed.
Downloading and Installing Microsoft Baseline Security Analyzer 2.3 (MBSA 2.3)
You can download Microsoft Baseline Security Analyzer 2.3 for free. The latest version adds support for Windows Server 2012 R2 and Windows 8.1, but drops support for Windows 2000. I recommend installing MBSA on a Windows 8 management PC, not on a server. Follow through the simple install procedure and then double-click the Microsoft Baseline Security Analyzer shortcut on the desktop.
Scanning Single Devices
Let’s start by scanning the computer on which MBSA is installed.
- Under Tasks on the left of the main MBSA window, click Scan a computer.
- On the Which computer do you want to scan? screen, the Computer name field should show the name of the current computer. Alternatively, you can chose another device or enter an IP address. In this example, I’m going to leave the current computer selected.
- Leave all the default checks selected, and click Start Scan in the bottom right corner.
You may have noticed two options that are deselected. The Configure computers for Microsoft Update and scanning prerequisites option will update target devices with the latest Windows Update Agent (WUA) components to ensure scans are successful if required.
The Advanced Update Services options allow administrators to ensure that checks performed against computers managed by Windows Server Update Services (WSUS) return the correct results. If Scan using assigned Windows Update Services servers only is selected, devices not managed by WSUS are shown with an error message, so that unapproved security updates are not included in MBSA reports.
Once the scan has completed, you will be shown a summary of the collected information, with the option to review more details as required.
To view existing reports from previous scans, you need to go back to the MBSA start page and click View security reports under Tasks in the left pane.
Scanning Multiple Computers
Before you can scan a remote computer, you must have access to the following services on the remote device:
- Server service
- Remote registry service
- File and print sharing
- Distributed COM (DCOM)
You must also run MBSA with an account that has local administrator permission on any remote devices being scanned.
- Click Scan multiple computers under Tasks in the left pane of MBSA.
- On the Which computers do you want to scan? screen, you can choose to scan all computers in a chosen domain or a defined IP address range.
- When you have chosen the desired range, click Start Scan in the bottom right corner of MBSA.
All other scanning options are the same as for scanning a single device.
More in Security
Build 2022: Microsoft Boosts Data Analytics and Cybersecurity in New Training & Certifications
May 24, 2022 | Rabia Noureen
Microsoft Defender for Office 365 to Get Preset Security Policy Improvements In June
May 23, 2022 | Rabia Noureen
Microsoft Detects 254% Spike in XorDDoS Attacks on Linux Servers
May 23, 2022 | Rabia Noureen
CISA Warns Federal Agencies to Mitigate Critical VMware Vulnerabilities by May 23
May 20, 2022 | Rabia Noureen
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
F5 Confirms New Remote Code Execution Flaw in BIG-IP Systems
May 9, 2022 | Rabia Noureen
Most popular on petri