Microsoft Baseline Security Analyzer
   HOME

TheInfoList



Click Here for Items Related To - Microsoft Baseline Security Analyzer
OR:
Microsoft Baseline Security Analyzer on:   [Wikipedia]   [Google]   [Amazon]

Microsoft Baseline Security Analyzer (MBSA) is a discontinued software tool that is no longer available from
Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
that determines
security Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...
state by assessing missing security updates and less-secure security settings within
Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
, Windows components such as
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
, IIS
web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...
, and products
Microsoft SQL Server Microsoft SQL Server is a proprietary relational database management system developed by Microsoft using Structured Query Language (SQL, often pronounced "sequel"). As a database server, it is a software product with the primary function of ...
, and
Microsoft Office Microsoft Office, MS Office, or simply Office, is an office suite and family of client software, server software, and services developed by Microsoft. The first version of the Office suite, announced by Bill Gates on August 1, 1988, at CO ...
macro settings. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders. MBSA was written by Mark Shavlik working in partnership with Microsoft.


Version history

Versions 1.2.1 and below run on NT4, Windows 2000, Windows XP, and Windows Server 2003, provide support for IIS versions 5 through 6, SQL Server 7 and 2000,
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
5.01 and 6.0 only, and Microsoft Office 2000 through 2003. Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool. MBSA 1.2.1 was localized into English, German, French and Japanese versions and supported security assessment for any locale. Version 2.0 retained the hard-coded VA checks, but replaced the Shavlik security assessment engine with Microsoft Update technologies that adds dynamic support for all Microsoft products supported by
Microsoft Update Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers sof ...
. MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB). MBSA 2.1 added Vista and Windows Server 2008 support, a new Vista-styled GUI interface, support for the latest Windows Update Agent (3.0), a new Remote Directory (/rd) feature and extended the VA checks to x64 platforms. In the August 2012 Security Bulletin Webcast Q&A on Technet it was announced that "The current version of MBSA (2.2) will not support Windows 8 and Microsoft currently has no plans to release an updated version of the tool." In November 2013 MBSA 2.3 was released. This release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release. Microsoft support and updates for MBSA has ended. The current version 2.3 does not offer official support for Windows 10 or Windows Server 2016. The Microsoft MBSA webpage has been removed.


How MBSA differs from Microsoft Update

MBSA only scans for 3 classes of updates, security updates, service packs and update rollups. Critical and optional updates are left aside.


See also

* Belarc Advisor


References


External links

* *
Forum

Microsoft Office Visio 2007 Connector for the Microsoft Baseline Security Analyzer (MBSA) 2.1

Microsoft Baseline Security Analyzer Support
{{Microsoft Security Products Baseline Security Analyzer Microsoft Windows security technology Windows-only freeware 2004 software