- Secunia
- Microsoft Baseline Security Analyzer Download
- Microsoft Baseline Security Analyzer 2018 Download
Screenshot of Microsoft Baseline Security Analyzer analysis result | |
| Developer(s) | Microsoft |
|---|---|
| Initial release | 16 August 2004[1] |
| Stable release | |
| Operating system | Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000[2] |
| Platform | IA-32 and x86-64[2] |
| Size | 1.5 ~ 1.7 MB[2] |
| Available in | English, German, French and Japanese[2] |
| Type | Computer security |
| License | Freeware |
| Website | technet.microsoft.com/en-us/security/cc184924.aspx |
Microsoft Baseline Security Analyzer (MBSA) is a discontinued software tool which is no longer available from Microsoft that determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IISweb server, and products Microsoft SQL Server, and Microsoft Office macro settings. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.
Version history[edit]
Overall, Microsoft Baseline Security Analyzer is a handy software solution, especially because it helps make your computer a bit safer. It's easy to use, it can work both locally and remotely and allows you to print and copy the reports.
Versions 1.2.1 and below run on NT4, Windows 2000, Windows XP, and Windows Server 2003, provide support for IIS versions 5 through 6, SQL Server 7 and 2000, Internet Explorer 5.01 and 6.0 only, and Microsoft Office 2000 through 2003. Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool. MBSA 1.2.1 was localized into English, German, French and Japanese versions and supported security assessment for any locale.
Version 2.0 retained the hard-coded VA checks, but replaced the Shavlik security assessment engine with Microsoft Update technologies which adds dynamic support for all Microsoft products supported by Microsoft Update. MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB). MBSA 2.1 added Vista and Windows Server 2008 support, a new Vista-styled GUI interface, support for the latest Windows Update Agent (3.0), a new Remote Directory (/rd) feature and extended the VA checks to x64 platforms.
In the August 2012 Security Bulletin Webcast Q&A on Technet it was announced that 'The current version of MBSA (2.2) will not support Windows 8 and Microsoft currently has no plans to release an updated version of the tool.'[3]
In November 2013 MBSA 2.3 was released. This release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release.[4]
Microsoft support and updates for MBSA has ended. The current version 2.3 does not offer official support for Windows 10 or Windows Server 2016. The Microsoft MBSA webpage has been removed.[5]
How MBSA differs from Microsoft Update[edit]
MBSA only scans for 3 classes of updates, security updates, service packs and update rollups. Critical and optional updates are left aside.
See also[edit]
References[edit]
- ^'Download Details: Microsoft Baseline Security Analyzer v1.2.1 (for IT Professionals)'. Microsoft Download Center. Microsoft Corporation. Archived from the original on 18 June 2009. Retrieved 13 October 2009.
- ^ abcde'Download Details: Microsoft Baseline Security Analyzer 2.2 (for IT Professionals)'. Microsoft Download Center. Microsoft Corporation. 6 August 2010. Retrieved 21 November 2009.
- ^'August 2012 Security Bulletin Webcast Q&A'. Microsoft. Archived from the original on 24 August 2012. Retrieved 20 August 2012.
- ^'Microsoft Baseline Security Analyzer (MBSA) 2.3|MBSA'. Microsoft. Retrieved 12 November 2013.
- ^'What is Microsoft Baseline Security Analyzer and its uses?'. Microsoft. Retrieved October 5, 2018.
Secunia
External links[edit]
- Official website
Microsoft Baseline Security Analyzer Download
In response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA). It includes a graphical and command line interface that can perform local or remote scans of Windows systems.
MBSA extends previous versions by adding support for Windows Vista. MBSA can be installed on computers running Windows Vista and it can scan Windows Vista computers. More information on the capabilities of MBSA is available on the MBSA Web site.
Note: This software is a pre-release version. It may not work the way a final version of the software will. We may change it for the final, commercial version. We also may not release a commercial version.
MBSA runs on Windows Vista, Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations in the following products: Windows Vista, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 5.0, and 6.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003. MBSA also scans for missing security updates, update rollups and service packs published to Microsoft Update.
System Requirements
* Supported Operating Systems: Windows 2000 Service Pack 4; Windows Server 2003; Windows Vista; Windows XP
System requirements are outlined in the main help and readme.html file that is included in the tool.