Starting with MBSA 2.0, reports based on scanned computers running Windows NT 4.0 will receive a critical warning for the Windows Administrative Vulnerability check called Operating System Version. Previous versions of MBSA would provide an informational score for the Windows version, and a recommendation to run Windows 2000 or later.

The rollup scripts have been updated with the enhanced report format of MBSA 2.0. The updated samples are available at the Microsoft Download Center and are not compatible with the previous samples.

Prior versions of MBSA relied upon only an offline catalog for scanning. As the size of this catalog increases over time, the network performance can degrade. By being integrated with Windows Server Update Services, MBSA 2.0 is able to scan using the client's assigned Update Services server catalog as well as the Microsoft Update site catalog. These server-based catalogs are preferred sources, but MBSA automatically reverts to the use of the offline catalog if needed.

Updates for multiple products within the same bulletin will be shown as different product families in the Issue column of the report summary. Each product-specific variation within the bulletin typically includes a different Knowledge Base article number, however in some cases, there could be multiple updates within the same product category.

Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy to use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems.

No. Windows Update Agent is an important part of security that enables you to obtain updates from an Update Services server or from Microsoft Update. An earlier version of Windows Update Agent is also built into Windows Server 2003 SP1 and Windows XP SP2. All computers with an Internet connection running Windows 2000 SP3 or later with Automatic Updates configured to run automatically update themselves to the latest version of the agent.

MBSA 2.0 reports a critical warning in the Operating System Version check indicating that this operating system version is no longer supported. This check is helpful in identifying computers that cannot be scanned for security updates and represent a security threat to the environment as a result. Note that scanning a computer running Windows NT 4.0 is not supported; however, when such a configuration exists within a domain or an IP range, MBSA provides stable behavior.

MBSA 2.0 provides support for performing the security updates portion of a scan against the Update Services server that each scanned computer is assigned to as well as performing a standalone scan for customers without an Update Services server. Administrators can select options in the MBSA graphical user interface or in the MBSA command-line interface to ignore or exclusively observe the Update Services approved list of updates.

MBSA 2.0 uses your Internet Explorer settings to perform the download. Use the Internet Options settings page of Internet Explorer to configure these settings. If your network is configured to support auto detection of proxy servers, select Automatically detect settings. If your network is not configured to support auto detection of proxy servers, select Use a proxy server for your LAN, and then type the name or IP address of the proxy server in the Address box.

Product Support Services (PSS) supports MBSA 2.0. Based on the improved detection capability of Microsoft Update, we recommend customers migrate to MBSA 2.0 as quickly as possible to take advantage of the improvements in update scanning. MBSA 1.2.1 is still supported for by PSS when MBSA 2.0 is not suitable based on product update availability in Microsoft Update. Note that the MSSecure.XML detection catalog used by MBSA 1.2.1 will no longer be updated starting in the first quarter of 2006.

MBSA 2.0 has been localized in four languages (English, German, French, and Japanese). The underlying update detection will accurately scan target computers in any language supported by the Microsoft Update and Windows Server Update Services technologies. These detection catalogs allow MBSA 2.0 to scan a target computer of any language and will return the proper results in the language of the scanning computer (the computer on which MBSA 2.0 was installed).

The latest version of MBSA is version 2.0.1, which is also referred to as 2.0.6706.0 on some screens. The 6706.0 refers to the build version. The official version number appears in the About Microsoft Baseline Security Analyzer link. If you are running MBSA 1.2.1, you will see a message while starting up the GUI that a new version is available because MBSA 2.0.1 has released. If both MBSA 1.2.1 and MBSA 2.0 are installed on the same computer, MBSA 1.2.

MBSA 2.0.1 is an update to MBSA 2.0 to enable compatibility with the new Windows Update (WU) offline scan file. (For information on the new scan file, see Microsoft Knowledge Base article 926464.) This fix enables MBSA to download and read the new file format. If you only run MBSA 2.0 in the online mode, then you do not need to do upgrade. If you use MBSA in the offline mode, you will need to download the new version of MBSA. You will also need to download the new offline scan file, wsusscn2.

Following the release of Microsoft Update, the products it supports will continue to grow. Users with the following baseline of products are recommended to use MBSA 2.0: MBSA 2.0 also offers additional detection beyond MBSA 1.2.1 for the following products and components: However, there are several products supported by MBSA 1.2.1 that will not be immediately available in Microsoft Update so MBSA 2.

No, MBSA 2.0 will install into a separate folder and can be run concurrently with MBSA 1.2.1. Once the changes in functionality between MBSA 1.2.1 and MBSA 2.0 have been thoroughly reviewed, you can uninstall MBSA 1.2.1 using Add or Remove Programs. Before removing MBSA 1.2.1, we recommend that you review Microsoft Knowledge Base article 895660 to ensure full coverage for products in your environment.

Any update published on Microsoft Update as a security update, update rollup, or service pack can be scanned using MBSA 2.0. These updates have been defined by Microsoft as follows: Security update—A broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity which is indicated in the Microsoft security bulletin as critical, important, moderate, or low.

Microsoft Update is a Web site that can scan a single computer and indicate missing/needed updates and install them as a group. MBSA allows multiple computers to be scanned for missing/needed updates at one time to corporate environments by providing remote scanning. By allowing computers to be configured for Microsoft Update, MBSA helps customers using Windows Update to get updated for other Microsoft products more easily.

The MBSA 2.0 EULA must be accepted by the end customer, at which point the software can be distributed internally and integrated with a third-party solution.

MBSA can be installed and run on Windows 2000 Service Pack 3 or later, Windows XP Home Edition, Windows XP Professional, and Windows Server 2003. MBSA can be run over the network to scan computers running Microsoft Windows 2000 Server, Windows 2000 Workstation, Windows XP Professional, Windows XP Embedded and Windows Server 2003.

Scanning in MBSA 2.0 is not performed in parallel unless multiple copies of MBSA 2.0 are run at the same time to scan different computers. Mbsacli.exe can be used with the new /listfile (list of computer names or IP addresses) parameter to scan computers listed in a text file containing computer names or IP addresses. This file can be a maximum of 100 MB in size. Using scripting (not provided with the MBSA 2.

In addition to the current audit message written to the event log, additional events may be written based on the new remote installer used by MBSA to configure the target computer to use Windows Update Agent or Microsoft Update for scanning. An example of an event: Event Type:Information Event Source:MBSA Event Category:None Event ID:1 Date:3/12/2005 Time:1:33:44 PM User:domain\username Computer:computer Description: Security analysis complete. Scanned from nnn.nnn.n.n.

Depending upon the automatic configuration option selected for the scan, MBSA 2.0 has the ability to deploy Windows Update Agent and perform a configuration change that allows the target computer to use Microsoft Update for scanning and obtaining updates. If either of these actions is needed for the target computer to be scanned, MBSA 2.0 checks the Microsoft Web site to ensure it has the latest versions of the files needed for these changes and downloads them if newer files are available.

Windows 2000 Server/Advanced Server is the server edition of Windows 2000, which is designed to serve small- to mid-sized businesses and workgroups. Server supports up to 4GB of physical RAM and up to 4 processors per computer. Advanced Server supports up to 8GB of RAM and 8 processors per computer. Windows 2000 Datacenter Server is designed for large businesses and computer clusters.

MBSA 2.0 offers extended security configuration checks beyond the other Microsoft updating technologies. Furthermore, MBSA 2.0 is designed to be used in conjunction with Microsoft Update (MU), Windows Server Update Services (WSUS) and the SMS Inventory Tool for Microsoft Updates (ITMU) in order to audit and verify the update state of a target machine. MBSA 2.0 offers complete consistency with the other tools since it also utilizes the common Windows Update Agent (WUA) infrastructure. MBSA 1.2.

SMS 2003 Service Pack 1 has an integrated tool to access Windows Update Agent directly for scanning security updates and does not use MBSA 2.0 for scanning. For more information about the Inventory Tool for Microsoft Update and how administrators can use SMS 2003 to deploy security updates, see the SMS 2003 Security Patch Management Web site.

A complete list of changes can be found in the release notes, and detailed descriptions of the options are included in MBSA Help. Both can be viewed by clicking the Help link in the MBSA navigation bar.

Windows Update Agent is a Windows component. This component provides update management functionality that was introduced in Windows XP SP2. A newer version of this component with remote scanning functionality has been added to Windows Server 2003 SP1 and as a separate installation package for computers on isolated networks.

Yes, this table describes the support for each platform. Some platforms are provided limited support in this version. Windows 2000 SP3 is a minimum requirement, in addition to the availability of Windows products for each processor type. When scanning computers running a Windows XP Embedded edition or an Itanium-based (IA64) computer, the administrator must manually install and configure WUA and Microsoft Update.

For the answer to this question, please refer to Knowledge Base Article 903773, "No Microsoft Office updates are displayed when you use Microsoft Update or Windows Server Update Services."

Performance depends upon the speed of the connection to the Microsoft Update site or Update Services server, as well as how recently the client has synchronized the catalog from its server. The number and types of products installed can also influence the performance of a scan. Be sure to check these timings based on your own hardware configuration and server settings since performance will vary.