Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS). Used by many leading third party security vendors and security auditors, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.
MBSA 2.1 is now available
In order to provide support for Windows Vista, Windows Server 2008, 64-bit scan tool and vulnerability assessment check support, new Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) Microsoft Baseline Security Analyzer (MBSA) 2.1 is now available.
What is MBSA 2.1?
MBSA 2.1 is an update to MBSA 2.0.1 to provide full Windows Vista and Windows Server 2008 support, general improvements and customer-requested enhancements.
Will I notice a difference when I run MBSA 2.1?
By customer request, the automatic distribution of the latest Windows Update Agent (WUA) client to client computers scanned by MBSA has been disabled in MBSA 2.1. This may prevent MBSA from successfully scanning computers that do not have the latest WUA client installed. Administrators and security auditors will want to select the option to "Configure computers for Microsoft Update and scanning prerequisites" in order to improve security scan success.
Note: Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.1.
New features in MBSA 2.1
- Support for Windows Vista and Windows Server 2008
- Updated graphical user interface
- Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components
- Improved support for Windows XP Embedded platform
- Improved support for SQL Server 2005 vulnerability assessment (VA) checks
- Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature
- New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) Windows Server Update Services 2.0 and 3.0 compatibility
.jpg) | | Download Now |
Frequently Asked Questions
Please refer to the MBSA Q&A for answers to commonly asked questions about MBSA and other Microsoft security tools.
Additional Resources
- Microsoft Office Visio 2007 Connector for MBSA 2.1
This utility allows you to view the results of a Microsoft Baseline Security Analyzer scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram. - How to script MBSA
Features of the rollup sample scripts: - Ability to open the main report for a computer from within the rollup view
- Rollup all security update results without listing each bulletin explicitly on the command line
- Rollup view includes scanning errors, warnings, and restart required details
- Summarize results for updates not yet approved on the WSUS server
- Run up to 64 scans concurrently for increased throughput
Download the MBSA 2.0 Scripting Samples from the Microsoft Download Center.