Security Initiatives

Updated: July 1, 2005

Microsoft continues to execute on our commitment to help make customers more secure. Our goal is to help customers reduce the risk associated with malicious attacks, as well as to reduce the cost and complexity of managing security threats.

Microsoft Baseline Security Analyzer (MBSA) 1.2.1 is evidence of our commitment to continued investment in customer security.

MBSA 1.2.1 incorporates improvements based upon feedback we have heard from customers using our earlier tools. It supports more Microsoft products, checks for key security configurations such as Windows Firewall and Automatic Update settings, and is now available in localized versions.

This datasheet details the enhanced features and requirements for MBSA 1.2.1.

What is MBSA?

MBSA is the free, best-practices vulnerability assessment tool for the Microsoft platform. Designed for the IT professional, the tool helps with the assessment phase of an overall security management strategy. This phase includes examining where an environment might be most vulnerable. MBSA helps with this phase in two ways:

 
By scanning for missing security updates for:

  • Windows Operating Systems

  • Microsoft Internet Information Server

  • Microsoft Exchange Server

  • Microsoft SQL Server

  • Microsoft Office

  • Microsoft Internet Explorer

 
By scanning for common configuration vulnerabilities:

  • Is Windows Firewall enabled?

  • Are Automatic Updates enabled?

  • Are strong passwords enforced?

  • Are unnecessary services running?

  • Are unsecured Guest accounts enabled?

MBSA 1.2.1 Highlights

MBSA 1.2.1 offers:

  • Support for Windows XP Service Pack 2 security enhancements.

  • Clear guidance for locating updates and necessary actions.

  • Easier prioritization of results, with summary counts shown for each score.

 
The following features in MBSA are available and covered in full detail in the MBSA white paper.

Alternate File Version Support (allows multiple sets of file details to be checked in security updates scan)

Additional Configuration Checks:

  • Internet Connection Firewall configuration check

  • Automatic Updates configuration check

  • Internet Explorer zone configuration checks (custom Internet Explorer zone interpretation, Internet Explorer Enhanced Security Configuration checks for Windows Server 2003)

  • MBSA tool version check (for new MBSA releases)

Features List

  • Command-line and Graphical User Interface (GUI) options

  • Scan local computer, remote computer, or groups of computers

  • Scan against Microsoft's maintained list of updates (on Microsoft.com) or a local server running Software Update Services 1.0

  • Scan for common security configuration vulnerabilities

  • Scan for missing security updates

  • View reports in MBSA Graphical User Interface or Command Line Interface

  • Compatibility with SMS 2.0 and 2003 Software Update Services Feature Pack

  • Support for single processor and multiprocessor configurations

  • Localized in English, French, German, and Japanese, although MBSA 1.2.1 can scan a machine of any locale

Products Supported

Checks for common security configuration vulnerabilities for:

  • Windows 2000, XP, 2003

  • IIS 4.0, 5.0, 6.0

  • SQL 7.0, 2000

  • IE 5.01, 6.0 (5.5 is not supported)

  • Office 2000, XP, 2003

 
Checks for security updates for:

  • Windows 2000, XP, 2003

  • IIS 4.0, 5.0, 6.0

  • SQL 7.0, 2000 (includes MSDE)

  • IE 5.01, 6.0 (5.5 is not supported)

  • Exchange 5.5, 2000, 2003

  • Windows Media Player 6.4+ (10.x is not supported)

  • Office 2000, XP, 2003

  • MSXML 2.5, 2.6, 3.0, 4.0

  • MDAC 2.5, 2.6, 2.7, 2.8

  • Microsoft Virtual Machine (VM)

  • Commerce Server 2000, 2002

  • Content Management Server 2001, 2002

  • BizTalk 2000, 2002, 2004

  • Host Integration Server 2000, 2004 (also SNA Server 4.0)

System Requirements

  • Windows Server 2003, Windows 2000 or Windows XP

  • IE 5.01+

  • XML parser (MSXML version 3.0 with the latest service pack)

  • IIS Common Files (required on local computer when scanning remote IIS computers)

  • Firewall ports

    • Port 80 (HTTP) needed to download latest update file

    • TCP 139, 445 needed to scan remote computers

  • User must be running as local Administrator

Required Services

Scanning local computer

  • Workstation service

  • Server service

 
Remote scanning: computer running MBSA

  • Workstation service

  • Client for MS Networks

 
Remote scanning: computer being scanned

  • Server service

  • Remote registry service

  • File & Print Sharing