Main menu


Advertisements

Originally created as a place for me to store some notes, this blog comments on my daily encounters with technology and aims to share some of this knowledge with fellow systems administrators and technical architects across the 'net. Amazingly, it's become quite popular!

SmartFeed by FeedBurner Subscribe to the site feed.

If you find the information here useful, then please consider linking to this site.

Recent Contributions

Tag cloud

Active Directory Adobe ADSL Apache App-V (SoftGrid) Apple Architecture BizTalk Server Blogger Blogging Bluetooth Bridge CA Camera Raw Certification Configuration Manager (SMS) Dell Desktop Search Digital photography DNG DNS Domain names DRM Dynamics CRM E-mail ESXi Exchange Hosted Services Exchange Server File formats Flash Forefront Friends Front Row FTP Google Green computing Groove History Host Integration Server HP Humour IAG IBM/Lenovo IIS iLife Industry trends Instant messaging Internet IP Phone iPhone iPod ISA Server iSight IT law IT Operations iTunes Java Lightroom Linux Live Meeting Live/Office Communications Server Macintosh Mainframes Malware MED-V Microsoft Microsoft.NET MIIS Mobility Money Motoring MS-DOS NetWare Networking hardware Networks Novell Office Office Communicator OpenOffice Operations Manager OS deployment OS X Outlook P2P Parallels Desktop Patch management PC hardware Photography Photoshop PHP Podcasts PowerPoint Press coverage Professional skills Project Proxy Server QOS QuickTime Real Player Remote access RFID RSS SAP Scripting Search Security Server hardware SharePoint Site notices Skype Social networking Software licensing Solaris Spam SQL Server Storage Symantec System Center Tablet PCs TCP/IP Telephony TV Useful books Useful software Useful websites Video Virtual Infrastructure Virtual PC Virtual Server/Hyper-V Virtualisation Visio Visual Studio VMM VMware VMware Fusion VMware Player VMware Server VMware Workstation Waffle and randomness Web browsers Web services Website development Wi-Fi Windows Windows 2000 Windows 7 Windows 9x Windows Home Server Windows Live/MSN Windows Media Windows Mobile Windows NT Windows PE Windows Server 2003 Windows Server 2008 Windows Small Business Server 2003 Windows Vista Windows XP Word WordPerfect WordPress WWW XBox 360 Xen Zune

Calendar

February 2004
M T W T F S S
« Jan   Mar »
 1
2345678
9101112131415
16171819202122
23242526272829

Archive

Overview of the Microsoft Baseline Security Analyzer

Like Microsoft Software Update Services, the Microsoft Baseline Security Analyzer (MBSA) is a security toolkit component born out of the Microsoft Strategic Technology Protection Program (STPP).

MBSA v1.2 is available for download from the Microsoft website and provides a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations in the following Microsoft products:

  • Windows NT 4.0.
  • Windows 2000.
  • Windows XP.
  • Windows Server 2003.
  • Internet Information Services (IIS) 4.0, 5.0, and 6.0.
  • SQL Server 7.0 and 2000.
  • Internet Explorer (IE) 5.01 and later.
  • Office 2000, 2002 and 2003.

MBSA also scans for missing security updates for the following Microsoft products:

  • Windows NT 4.0.
  • Windows 2000.
  • Windows XP.
  • Windows Server 2003.
  • IIS.
  • SQL.
  • Exchange.
  • IE.
  • Windows Media Player.
  • MDAC.
  • MSXML.
  • VM.
  • Office.
  • Content Management Server.
  • Commerce Server.
  • Host Integration Server.
  • BizTalk Server.

MBSA replaces and expands on the former HFNetChk tool to check for required hotfixes but two useful command line variants (which must be run from the folder where Microsoft Baseline Security Analyzer is installed) are:

mbsacli /hf -h computername -u username -p password

(used to check against the Microsoft Windows Update servers for missing hotfixes); and:

mbsacli /hf -h computername -sus susservername -u username -p password

(used to check against a specified SUS servers for missing hotfixes).

MBSA should be run periodically to check for security issues, finding workstations with vulnerabilities and/or weak passwords, allowing steps to be taken to force a user to take action.

Posted: 18:00 on Monday 23 February 2004 under Patch management, Microsoft.
Comments: none
RSS RSS (for comments on this post only)Share This

Write a comment

Please note the rules for comments and the privacy policy and data protection notice. I'm sorry but, because not everyone sticks to the rules, I've had to implement some spam prevention measures - if you're experiencing difficulties leaving a comment, please let me know.





The following XHTML tags may be used: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>