Microsoft has released a new version of their Baseline Security Analyzer tool, developed in conjunction with Shavlik Technologies. The MBSA (as it's commonly abbreviated) is a utility that performs security assessments on one or many different machines and produces detailed reports about its findings.
The reports produced by the tool not only include what has been scanned and what vulnerabilities were found, but how to fix them and what their likely impact on the computer's security are. For instance, a vulnerability that is only available to a locally logged-in user is still considered a threat, but not as profound a threat as a remote network exploit.
MBSA runs on Windows 2000, XP and Server 2003 systems, and can scan for vulnerabilities in Windows NT 4.0, 2000, XP, and Server 2003, including Small Business Server 2003. It does not need to be installed on the computer it is scanning, but the remote machine must have the Server, Remote Registry and File and Print Sharing services running. The scanning tool must be run locally as an administrator, and administrative shares must be enabled on a remote computer to be scanned.
The scan encompasses vulnerabilities in not only the underlying operating system, but in many common Windows components: IIS, SQL Server, Internet Explorer, Office, Exchange Server, Windows Media Player, the Microsoft Data Access Components (MDAC) layer, MSXML, Microsoft Virtual Machine (note that many newer installations of Windows do not have the Virtual Machine installed), Commerce Server, Content Management Server, BizTalk Server, and Host Integration Server. Any missing service packs or patches for these products will be detected and recommended.
Aside from the GUI edition of the tool, there is also a command-line version named mbsacli (invoked from the folder where the tool has been installed). Note that the MBSA tool is not a patch manager; it does not download and install recommended fixes, but simply provides information to the administrator about what to download and how to install it.
The newest version of the tool is also designed to run on and analyze systems that have been patched with Windows XP Service Pack 2. The MBSA tool can be downloaded from www.microsoft.com/technet/security/tools/mbsahome.mspx. For details on how to write administrative scripts using the tool, see www.microsoft.com/technet/security/tools/mbsascript.mspx.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
