Skip to main content

Microsoft Baseline Security Analyzer


Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations.

What is the latest version of MBSA?

MBSA 2.3 builds on the previous version, MBSA 2.2 and corrects minor issues reported by customers. MBSA 2.3 is supported on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2.

MBSA is built on the Windows Update Agent and Microsoft Update infrastructure, ensuring consistency across Microsoft management products, including Microsoft Update (MU), Windows Server Update Services 2.0 and 3.0 (WSUS), Systems Management Server Inventory Tool for Microsoft Update (ITMU) (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS.)

Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to all versions of MBSA.

Which releases of Microsoft Windows does MBSA currently support?

Operating SystemMBSA
Windows XPYes
Windows XP Professional x64 EditionYes
Windows Server 2003Yes
Windows Server 2003 x64Yes
Windows Server 2003 for Itanium-based SystemsYes
Windows VistaYes
Windows Vista x64 EditionYes
Windows Server 2008 for 32-bit SystemsYes
Windows Server 2008 for x64-based SystemsYes
Windows Server 2008 for Itanium-based SystemsYes
Windows 7 for 32-bit SystemsYes
Windows 7 for x64-based SystemsYes
Windows Server 2008 R2 for x64-based SystemsYes
Windows Server 2008 R2 for Itanium-based SystemsYes
Windows 8 for 32-bit SystemsYes
Windows 8 for 64-bit SystemsYes
Windows Server 2012Yes
Windows 8.1 for 32-bit SystemsYes
Windows 8.1 for 64-bit SystemsYes
Windows Server 2012 R2Yes
Windows RTNo

Which releases of Microsoft Office does MBSA currently support?

Microsoft Office SoftwareMBSA
Microsoft Office 2003Yes
Microsoft Office 2007Yes
Microsoft Office 2010Yes
Microsoft Office 2013Yes
Microsoft Office 2013 RTNo
Microsoft Visio 2003Yes
Microsoft Visio 2007Yes
Microsoft Visio 2013Yes
Microsoft Office 2008 for MacNo
Microsoft Office for Mac 2011No
Microsoft Word ViewerYes
Microsoft Excel ViewerYes
Microsoft PowerPoint Viewer 2007Yes
Microsoft Visio Viewer 2007Yes
Microsoft Visio Viewer 2010Yes
Microsoft Visio Viewer 2013Yes
Microsoft Office Compatibility PackYes
Microsoft Office 2010 Filter PackYes
Microsoft Works 9Yes
Microsoft Groove 2007Yes
Microsoft SharePoint Workspace 2010Yes
Microsoft Office Forms Server 2007Yes
Microsoft SharePoint Server 2007Yes
Microsoft SharePoint Server 2010Yes
Microsoft SharePoint Server 2013Yes
Microsoft Groove Data Bridge Server 2007Yes
Microsoft Groove Management Server 2007Yes
Microsoft Groove Server 2010Yes
Microsoft Windows SharePoint Services 2.0Yes
Microsoft Windows SharePoint Services 3.0Yes
Microsoft SharePoint Foundation 2010Yes
Microsoft SharePoint Foundation 2013Yes
Microsoft Office Web Apps 2010Yes
Microsoft Office Web Apps 2013Yes

Note for SharePoint Server: The detection table described above is based on single-server Microsoft SharePoint Server deployments. The detection tools do not detect the applicability of the updates on systems configured as part of a multiple-system SharePoint server farm.

Note for Microsoft Account: MBSA does not support vulnerability assessment check for Microsoft account on Windows 8 and above.

Additional resources

  • Microsoft Office Visio 2007 Connector for MBSA
    This utility allows you to view the results of a Microsoft Baseline Security Analyzer scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram.
  • MBSA Scripting Samples
    Features of the rollup sample scripts:
    • Ability to open the main report for a computer from within the rollup view
    • Ability to roll up all security update results without listing each bulletin explicitly on the command line
    • Ability to include scanning errors, warnings, and restart required details in roll-up view
    • Ability to summarize results for updates not yet approved on the WSUS server
    • Ability to run up to 64 scans concurrently for increased throughput

Legacy Product Support

For customers with legacy Microsoft products that are not supported by MBSA, Microsoft Update, or WSUS (or customers requiring compatibility with MBSA 1.2.1 or Shavlik’s HFNetChk technologies), Shavlik Technologies offers a free MBSA companion tool called Shavlik NetChk Limited.

Users who have the following products in their environment can use Shavlik NetChk Limited to augment MBSA 2.0.1 results for comprehensive security update detection.

  • Office 2000
  • ISA Server 2000
  • FrontPage Server Extensions 2000/2002
  • Visual Studio .NET 2002/2003
  • SQL Server 7.0/2000

For more information about Shavlik NetChk Limited, or to download the tool, visit the Shavlik download page on Shavlik's website.

The third-party tool provided at the link above is manufactured by a company that is independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Microsoft is conducting an online survey to understand your opinion of the MSDN Web site. If you choose to participate, the online survey will be presented to you when you leave the MSDN Web site.

Would you like to participate?