TechNet Home > Home > Microsoft Baseline Security Analyzer

MBSA 1.2.1 Datasheet

Security Initiatives

Updated: July 1, 2005

Microsoft continues to execute on our commitment to help make customers more secure. Our goal is to help customers reduce the risk associated with malicious attacks, as well as to reduce the cost and complexity of managing security threats.

Microsoft Baseline Security Analyzer (MBSA) 1.2.1 is evidence of our commitment to continued investment in customer security.

MBSA 1.2.1 incorporates improvements based upon feedback we have heard from customers using our earlier tools. It supports more Microsoft products, checks for key security configurations such as Windows Firewall and Automatic Update settings, and is now available in localized versions.

This datasheet details the enhanced features and requirements for MBSA 1.2.1

*
On This Page
What is MBSA?What is MBSA?
MBSA 1.2.1 HighlightsMBSA 1.2.1 Highlights
Features ListFeatures List
Products SupportedProducts Supported
System RequirementsSystem Requirements
Required ServicesRequired Services

What is MBSA?

MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform. Designed for the IT professional, the tool helps with the assessment phase of an overall security management strategy. This phase includes examining where an environment might be most vulnerable. MBSA helps with this phase in two ways:

 
By scanning for missing security updates:

Windows Operating Systems

Microsoft Internet Information Server

Microsoft Exchange Server

Microsoft SQL Server

Microsoft Office

Microsoft Internet Explorer

 
By scanning for common configuration vulnerabilities:

Is Windows Firewall enabled?

Are Automatic Updates enabled?

Are strong passwords enforced?

Are unnecessary services running?

Are unsecured Guest accounts enabled?

Top of pageTop of page

MBSA 1.2.1 Highlights

MBSA 1.2.1 offers:

Support for Windows XP Service Pack 2 security enhancements.

Clear guidance for locating updates and necessary actions.

Prioritize results more easily by showing summary counts for each score

 
The following features in MBSA are available and covered in full detail in the MBSA white paper.

Alternate File Version Support (allows multiple sets of file details to be checked in security updates scan)

Additional Configuration Checks:

Internet Connection Firewall configuration check

Automatic Updates configuration check

Internet Explorer zone configuration checks (custom Internet Explorer zone interpretation, Internet Explorer Enhanced Security Configuration checks for Windows Server 2003)

MBSA tool version check (for new MBSA releases)

Top of pageTop of page

Features List

Command-line and Graphical User Interface (GUI) options

Scan local computer, remote computer, or groups of computers

Scan against Microsoft's maintained list of updates (on Microsoft.com) or local server running Software Update Services 1.0

Scan for common security configuration vulnerabilities

Scan for missing security updates

View reports in MBSA Graphical User Interface or Command Line Interface

Compatibility with SMS 2.0 and 2003 Software Update Services Feature Pack

Support for single processor and multiprocessor configurations

Localized to English, French, German, and Japanese although MBSA 1.2.1 can scan a machine of any locale

Top of pageTop of page

Products Supported

Checks for common security configuration vulnerabilities for:

Windows 2000, XP, 2003

IIS 4.0, 5.0, 6.0

SQL 7.0, 2000

IE 5.01, 6.0 (5.5 is not supported)

Office 2000, XP, 2003

 
Checks for security updates for:

Windows 2000, XP, 2003

IIS 4.0, 5.0, 6.0

SQL 7.0, 2000 (includes MSDE)

IE 5.01, 6.0 (5.5 is not supported)

Exchange 5.5, 2000, 2003

Windows Media Player 6.4+ (10.x is not supported)

Office 2000, XP, 2003

MSXML 2.5, 2.6, 3.0, 4.0

MDAC 2.5, 2.6, 2.7, 2.8

Microsoft Virtual Machine (VM)

Commerce Server 2000, 2002

Content Management Server 2001, 2002

BizTalk 2000, 2002, 2004

Host Integration Server 2000, 2004 (also SNA Server 4.0)

Top of pageTop of page

System Requirements

Windows Server 2003, Windows 2000 or Windows XP

IE 5.01+

XML parser (MSXML version 3.0 w/ latest SP)

IIS Common Files (required on local computer when scanning remote IIS computers)

Firewall ports

Port 80 (HTTP) needed to download latest update file

TCP 139, 445 needed to scan remote computers

User must be running as local Administrator

Top of pageTop of page

Required Services

Scanning local computer

Workstation service

Server service

 
Remote scanning computer running MBSA

Workstation service

Client for MS Networks

 
Remote scanning computer running MBSA

Server service

Remote registry service

File & Print Sharing


Top of pageTop of page