Microsoft Baseline Security Analyzer


Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations.

  • Download MBSA
  • Current version of MBSA
  • Supported versions of Microsoft Windows
  • Supported versions of Microsoft Office
  • Additional Resources
  • Legacy product support

What is the latest version of MBSA?

MBSA 2.3 builds on the previous version, MBSA 2.2 and corrects minor issues reported by customers. MBSA 2.3 is supported on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2.

MBSA is built on the Windows Update Agent and Microsoft Update infrastructure, ensuring consistency across Microsoft management products, including Microsoft Update (MU), Windows Server Update Services 2.0 and 3.0 (WSUS), Systems Management Server Inventory Tool for Microsoft Update (ITMU) (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS.)

Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to all versions of MBSA.

Which releases of Microsoft Windows does MBSA currently support?

Operating System MBSA
Windows XP Yes
Windows XP Professional x64 Edition Yes
Windows Server 2003 Yes
Windows Server 2003 x64 Yes
Windows Server 2003 for Itanium-based Systems Yes
Windows Vista Yes
Windows Vista x64 Edition Yes
Windows Server 2008 for 32-bit Systems Yes
Windows Server 2008 for x64-based Systems Yes
Windows Server 2008 for Itanium-based Systems Yes
Windows 7 for 32-bit Systems Yes
Windows 7 for x64-based Systems Yes
Windows Server 2008 R2 for x64-based Systems Yes
Windows Server 2008 R2 for Itanium-based Systems Yes
Windows 8 for 32-bit Systems Yes
Windows 8 for 64-bit Systems Yes
Windows Server 2012 Yes
Windows 8.1 for 32-bit Systems Yes
Windows 8.1 for 64-bit Systems Yes
Windows Server 2012 R2 Yes
Windows RT No

Which releases of Microsoft Office does MBSA currently support?

Microsoft Office Software MBSA
Microsoft Office 2003 Yes
Microsoft Office 2007 Yes
Microsoft Office 2010 Yes
Microsoft Office 2013 Yes
Microsoft Office 2013 RT No
Microsoft Visio 2003 Yes
Microsoft Visio 2007 Yes
Microsoft Visio 2013 Yes
Microsoft Office 2008 for Mac No
Microsoft Office for Mac 2011 No
Microsoft Word Viewer Yes
Microsoft Excel Viewer Yes
Microsoft PowerPoint Viewer 2007 Yes
Microsoft Visio Viewer 2007 Yes
Microsoft Visio Viewer 2010 Yes
Microsoft Visio Viewer 2013 Yes
Microsoft Office Compatibility Pack Yes
Microsoft Office 2010 Filter Pack Yes
Microsoft Works 9 Yes
Microsoft Groove 2007 Yes
Microsoft SharePoint Workspace 2010 Yes
Microsoft Office Forms Server 2007 Yes
Microsoft SharePoint Server 2007 Yes
Microsoft SharePoint Server 2010 Yes
Microsoft SharePoint Server 2013 Yes
Microsoft Groove Data Bridge Server 2007 Yes
Microsoft Groove Management Server 2007 Yes
Microsoft Groove Server 2010 Yes
Microsoft Windows SharePoint Services 2.0 Yes
Microsoft Windows SharePoint Services 3.0 Yes
Microsoft SharePoint Foundation 2010 Yes
Microsoft SharePoint Foundation 2013 Yes
Microsoft Office Web Apps 2010 Yes
Microsoft Office Web Apps 2013 Yes

Note for Microsoft Account: MBSA does not support vulnerability assessment check for Microsoft account on Windows 8 and above.

Additional resources

  • Microsoft Office Visio 2007 Connector for MBSA
    This utility allows you to view the results of a Microsoft Baseline Security Analyzer scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram.
  • MBSA Scripting Samples
    Features of the rollup sample scripts:
    • Ability to open the main report for a computer from within the rollup view
    • Ability to roll up all security update results without listing each bulletin explicitly on the command line
    • Ability to include scanning errors, warnings, and restart required details in roll-up view
    • Ability to summarize results for updates not yet approved on the WSUS server
    • Ability to run up to 64 scans concurrently for increased throughput

Legacy Product Support

For customers with legacy Microsoft products that are not supported by MBSA, Microsoft Update, or WSUS (or customers requiring compatibility with MBSA 1.2.1 or Shavlik’s HFNetChk technologies), Shavlik Technologies offers a free MBSA companion tool called Shavlik NetChk Limited.

Users who have the following products in their environment can use Shavlik NetChk Limited to augment MBSA 2.0.1 results for comprehensive security update detection.

  • Office 2000
  • ISA Server 2000
  • FrontPage Server Extensions 2000/2002
  • Visual Studio .NET 2002/2003
  • SQL Server 7.0/2000

For more information about Shavlik NetChk Limited, or to download the tool, visit the Shavlik download page on Shavlik's website.

The third-party tool provided at the link above is manufactured by a company that is independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.