Microsoft Baseline Security Analyzer 2.0
Published: July 1, 2005 | Updated: November 7, 2006
On This Page
MBSA 2.0.1 is now available
In order to maintain compatibility with Windows Update, Microsoft Baseline Security Analyzer (MBSA) 2.0.1 is now available.
Can I use MBSA 2.0.1 with Windows Vista?
Validly licensed Windows Vista users may install and use Version 2.0.1 of MBSA according to its License Terms even though Windows Vista is not expressly listed in the License Terms as a supported operating system. Be advised that Microsoft does not support running MBSA 2.0.1 on Windows Vista and it is not supported to conduct Vulnerability Assessment checks against computers running Windows Vista. In addition, there are currently some limitations in conducting remote security update scans against Windows Vista machines. See http://support.microsoft.com/kb/931943/ for more details. MBSA 2.1 Beta will be coming soon and will include full Windows Vista support.
What is MBSA 2.0.1?
MBSA 2.0.1 is an update to MBSA 2.0 to enable compatibility with the new Windows Update (WU) offline scan file. (For information on the new scan file, see http://support.microsoft.com/kb/926464.) This fix enables MBSA to download and read the new file format.
In order to run offline scans, MBSA 2.0 must have the scan file on the scanning machine. MBSA 2.0 automatically downloads this file if the scanning machine has Internet access. If not, the file must be downloaded and installed manually. MBSA 2.0.1 behaves in the same manner, except that it uses the new scan file.
What do users need to do?
If you use MBSA in the offline mode, you will need to download the new version of MBSA. See the Download Now section below.
You will also need to download the new offline scan file, wsusscn2.cab, by clicking http://go.microsoft.com/fwlink/?LinkId=76054. Save this file to C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab.
What if I don’t download MBSA 2.0.1?
If you only run MBSA 2.0 in the online mode, where all target machines have direct connection to the Internet to access the Microsoft Update site or are assigned to an internal WSUS Server, then you do not need to do anything
If you use MBSA 2.0 in the offline mode, it will no longer work after March 2007. The ouliated wsusscan.cab catalog used by MBSA has reached its effective end-of-life and has been replaced by the newer wsusscn2.cab catalog used by MBSA 2.0.1 and MBSA 2.1. (For more information on which updates have been removed from the ouliated offline scan file, see http://support.microsoft.com/kb/924513/.)
Will I notice a difference when I run MBSA 2.0.1?
The first time MBSA 2.0.1 is executed against a given set of machines, it will first push out and install the updated Windows Update Agent. This will increase the scan time beyond what would normally be expected. Subsequent scans will execute as normal.
Note: Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.0.1.
MBSA 2.0
Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Used by many leading third party security vendors including Tivoli, Patchlink and Citadel, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.
MBSA 2.0 needed for Update Services compatibility: Users of Windows Server Update Services should update their MBSA to version 2.0 for compatibility.
New Features found in MBSA 2.0:
- Severity Ratings
- Locally and remotely scan for Office XP or later security updates
- Added guidance for locating updates and necessary actions
- CVE-IDs for supported updates
- Improved help content
- Windows Server Update Services compatibility
- Automatic Microsoft Update registration and agent update
- Support for detection of updates on 64bit Windows and Windows XP Embedded
Download Now
The following versions of MBSA are available for download:
Detailed Information
Please refer to the MBSA 2.0 datasheet for more information about MBSA 2.0, including new improvements, features, and system requirements.
Frequently Asked Questions (FAQ)
Please refer to the MBSA 2.0 Q&A for answers to commonly asked questions about MBSA and other Microsoft security tools.
Additional Resources