Enhanced Security Tool Posted to

Microsoft posted a minor update this week of its free Microsoft Baseline Security Analyzer (MBSA) for download from its Web site.

MBSA 1.2 is the first new version in about a year of the tool for locally or remotely identifying common security misconfigurations and scanning for missing security updates in many of Microsoft's products. The original version of MBSA came out in early 2002.

New since version 1.1 are localized versions, additional product support and additional configuration checks. MBSA is now available for German, Japanese and French.

The tool now scans for security updates in Microsoft Office, Exchange Server 2003, several versions of MDAC and MSXML, the Microsoft Virtual Machine, all versions of BizTalk Server, Commerce Server 2000 and 2002, Content Management Server 2001 and 2002, Host Integration Server 2000 and 2004 and SNA Server 4.0.

Newly supported configuration checks cover the Internet Connection Firewall, Automatic Updates, Internet Explorer zones and the MBSA tool version.

MBSA, which works locally and remotely, is one of several technologies from Microsoft for scanning systems for security purposes. It replaced the Microsoft Personal Security Advisor (MPSA) of 2001 and is a superset of the HFNetChk tool.

It differs from Windows Update, which only covers critical updates for Windows, not less serious updates or updates for other Microsoft products such as SQL Server or Microsoft Office.

MBSA 1.2 is built to support use with Microsoft Software Update Services and with the security patch management in the SMS 2.0 Software Update Services Feature Pack. Use of the combinations, however, does leave certain holes in coverage.

Meanwhile, users of the different products get different results, due to each tool's reliance on different methods to determine whether an update is present. "Microsoft is working to resolve this inconsistency so that MBSA, Windows Update, Microsoft Software Update Services, and SMS security patch management will all use the same rules for determining the presence of an update on Windows systems," Microsoft's FAQ for MBSA says. For now, Microsoft recommends that users review security bulletins when discrepancies arise.

MBSA 1.2 runs on Windows 2000, Windows XP and Windows Server 2003 and can scan those platforms plus Windows NT 4.0. MBSA will not scan Windows 95, Windows 98 or Windows Me.

The download file, the FAQ and other resources are available here:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Deprecating Windows To Go

    Microsoft plans to put an end to its Windows To Go product in the near future, according to a Friday support article.

  • Microsoft Releases Hyper-V Server 2019 After Long Delay

    Acknowledging that the release took "way too long," Microsoft has made Hyper-V Server 2019 available for download from the Microsoft Evaluation Center page.

  • Forklift Container

    A Better Way To Upgrade Hyper-V Storage

    It's time again for Brien to perform a major storage upgrade on his Hyper-V hosts. But this time, he's taking a new approach.

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.