Monitoring Scenarios in the MBSA Management Pack
Table 1 Management Pack Monitoring Scenarios
Setup of MBSA |
|
X |
X |
Security Reporting |
Reports missing security patches
Reports on missing service packs
Detects other security vulnerabilities known to Microsoft
|
X |
X |
MBSA Issues |
MBSA setup issues on agent computers
Permissions issues on agents that prevent MBSA from scanning
MBSA scanning issues on agent computers
Issues with reading the MBSA output file on agents
|
X |
X |
Internet Explorer vulnerabilities |
Internet Explorer zones not configured for security
Internet Explorer enhanced security configuration not enabled for administrators
Internet Explorer enhanced security configuration not enabled for non-administrators
|
X |
X |
Internet Information Services vulnerabilities |
MSADC and Scripts virtual directories are installed
IIS parent paths are enabled
IISADMPWD virtual directory is installed
IIS sample applications found
IIS Lockdown Tool not run on specific servers
IIS logging is disabled
IIS is installed on a domain controller
|
X |
X |
Windows operating system vulnerabilities |
Local account password is blank or weak
Internet Connection Firewall is disabled
Too many users in the local administrators group
Auto logon is enabled
"Password never expires" is set on local account
Current RestrictAnonymous registry setting is dangerous
Automatic updates are not enabled
Local guest account is enabled
Logon and logoff event auditing is disabled
File system is not NTFS
|
X |
X |
Microsoft SQL Server vulnerabilities |
Everyone group has more than Read permissions to SQL Server registry keys
SQL Server or MSDE password is exposed in clear text log
SQL Server or MSDE local password is weak
BUILTIN\Administrators is member of SQL Server SysAdmin role
SQL Server or MSDE service accounts are running as LocalSystem
Mixed-mode authentication
SQL Server or MSDE directory access is not secure
Guest account has access to one or more databases
SQL Server or MSDE is installed on a domain controller
Non-SysAdmin user has CmdExec privileges
Too many users in the SQL Server SysAdmin role
|
X |
X |