Enhanced Security Tool Posted to

Microsoft posted a minor update this week of its free Microsoft Baseline Security Analyzer (MBSA) for download from its Web site.

MBSA 1.2 is the first new version in about a year of the tool for locally or remotely identifying common security misconfigurations and scanning for missing security updates in many of Microsoft's products. The original version of MBSA came out in early 2002.

New since version 1.1 are localized versions, additional product support and additional configuration checks. MBSA is now available for German, Japanese and French.

The tool now scans for security updates in Microsoft Office, Exchange Server 2003, several versions of MDAC and MSXML, the Microsoft Virtual Machine, all versions of BizTalk Server, Commerce Server 2000 and 2002, Content Management Server 2001 and 2002, Host Integration Server 2000 and 2004 and SNA Server 4.0.

Newly supported configuration checks cover the Internet Connection Firewall, Automatic Updates, Internet Explorer zones and the MBSA tool version.

MBSA, which works locally and remotely, is one of several technologies from Microsoft for scanning systems for security purposes. It replaced the Microsoft Personal Security Advisor (MPSA) of 2001 and is a superset of the HFNetChk tool.

It differs from Windows Update, which only covers critical updates for Windows, not less serious updates or updates for other Microsoft products such as SQL Server or Microsoft Office.

MBSA 1.2 is built to support use with Microsoft Software Update Services and with the security patch management in the SMS 2.0 Software Update Services Feature Pack. Use of the combinations, however, does leave certain holes in coverage.

Meanwhile, users of the different products get different results, due to each tool's reliance on different methods to determine whether an update is present. "Microsoft is working to resolve this inconsistency so that MBSA, Windows Update, Microsoft Software Update Services, and SMS security patch management will all use the same rules for determining the presence of an update on Windows systems," Microsoft's FAQ for MBSA says. For now, Microsoft recommends that users review security bulletins when discrepancies arise.

MBSA 1.2 runs on Windows 2000, Windows XP and Windows Server 2003 and can scan those platforms plus Windows NT 4.0. MBSA will not scan Windows 95, Windows 98 or Windows Me.

The download file, the FAQ and other resources are available here:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations

    Microsoft this week described "three new pieces" of malware that were used in the SolarWinds Orion espionage attacks dubbed "Solorigate," although Microsoft security researches are now calling it "Nobelium."

  • Microsoft Universal Print Service Commercially Released

    Microsoft announced on Tuesday that its Universal Print service is now commercially released at the "general availability" stage worldwide.

  • Restoring a Backup to Dissimilar Hardware: 3 Things To Watch Out For

    Getting a new desktop looking and feeling like the old one used to take a long time, but modern backup applications have greatly streamlined the process. Still, there are a few things to keep in mind to avoid potential issues.

  • Black Box

    Microsoft Releases Windows Server 2022 Preview

    Microsoft announced during its Ignite event that Window Server 2022 is currently availability at the preview stage.

comments powered by Disqus