Any update published on Microsoft Update as a security update, update rollup, or service pack can be scanned using MBSA 2.0. These updates have been defined by Microsoft as follows: Security update—A broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity which is indicated in the Microsoft security bulletin as critical, important, moderate, or low.

Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy to use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems.

For the answer to this question, please refer to Knowledge Base Article 903773, "No Microsoft Office updates are displayed when you use Microsoft Update or Windows Server Update Services."

Performance depends upon the speed of the connection to the Microsoft Update site or Update Services server, as well as how recently the client has synchronized the catalog from its server. The number and types of products installed can also influence the performance of a scan. Be sure to check these timings based on your own hardware configuration and server settings since performance will vary.

Some updates replace files that are currently in use by Windows. Some files are loaded into memory during the initial startup of Windows and are not reloaded until the next restart. Updates installed using Automatic Updates, Windows Update, or Microsoft Update will provide an indication of this condition in the MBSA report: A partially installed update will be reported as not installed because a restart is required. In addition, any update packaged with Update.exe version 6.

Prior versions of MBSA relied upon only an offline catalog for scanning. As the size of this catalog increases over time, the network performance can degrade. By being integrated with Windows Server Update Services, MBSA 2.0 is able to scan using the client's assigned Update Services server catalog as well as the Microsoft Update site catalog. These server-based catalogs are preferred sources, but MBSA automatically reverts to the use of the offline catalog if needed.

MBSA 2.0 can only provide reboot pending status when the option to Check for Windows administrative vulnerabilities is selected in the GUI or by default if "/n Updates" is not added to the command-line utility (CLI) to suppress this feature. Reboot pending status is obtained directly from the Windows Update Agent (WUA) client on each target machine.

The rollup scripts have been updated with the enhanced report format of MBSA 2.0. The updated samples are available at the Microsoft Download Center and are not compatible with the previous samples.

MBSA 2.0 has been localized in four languages (English, German, French, and Japanese). The underlying update detection will accurately scan target computers in any language supported by the Microsoft Update and Windows Server Update Services technologies. These detection catalogs allow MBSA 2.0 to scan a target computer of any language and will return the proper results in the language of the scanning computer (the computer on which MBSA 2.0 was installed).

MBSA 2.0.1 is an update to MBSA 2.0 to enable compatibility with the new Windows Update (WU) offline scan file. (For information on the new scan file, see Microsoft Knowledge Base article 926464.) This fix enables MBSA to download and read the new file format. If you only run MBSA 2.0 in the online mode, then you do not need to do upgrade. If you use MBSA in the offline mode, you will need to download the new version of MBSA. You will also need to download the new offline scan file, wsusscn2.

Following the release of Microsoft Update, the products it supports will continue to grow. Users with the following baseline of products are recommended to use MBSA 2.0: MBSA 2.0 also offers additional detection beyond MBSA 1.2.1 for the following products and components: However, there are several products supported by MBSA 1.2.1 that will not be immediately available in Microsoft Update so MBSA 2.

No, MBSA 2.0 will install into a separate folder and can be run concurrently with MBSA 1.2.1. Once the changes in functionality between MBSA 1.2.1 and MBSA 2.0 have been thoroughly reviewed, you can uninstall MBSA 1.2.1 using Add or Remove Programs. Before removing MBSA 1.2.1, we recommend that you review Microsoft Knowledge Base article 895660 to ensure full coverage for products in your environment.

Microsoft Update is a Web site that can scan a single computer and indicate missing/needed updates and install them as a group. MBSA allows multiple computers to be scanned for missing/needed updates at one time to corporate environments by providing remote scanning. By allowing computers to be configured for Microsoft Update, MBSA helps customers using Windows Update to get updated for other Microsoft products more easily.

The MBSA 2.0 EULA must be accepted by the end customer, at which point the software can be distributed internally and integrated with a third-party solution.

MBSA can be installed and run on Windows 2000 Service Pack 3 or later, Windows XP Home Edition, Windows XP Professional, and Windows Server 2003. MBSA can be run over the network to scan computers running Microsoft Windows 2000 Server, Windows 2000 Workstation, Windows XP Professional, Windows XP Embedded and Windows Server 2003.

Scanning in MBSA 2.0 is not performed in parallel unless multiple copies of MBSA 2.0 are run at the same time to scan different computers. Mbsacli.exe can be used with the new /listfile (list of computer names or IP addresses) parameter to scan computers listed in a text file containing computer names or IP addresses. This file can be a maximum of 100 MB in size. Using scripting (not provided with the MBSA 2.

In addition to the current audit message written to the event log, additional events may be written based on the new remote installer used by MBSA to configure the target computer to use Windows Update Agent or Microsoft Update for scanning. An example of an event: Event Type:Information Event Source:MBSA Event Category:None Event ID:1 Date:3/12/2005 Time:1:33:44 PM User:domain\username Computer:computer Description: Security analysis complete. Scanned from nnn.nnn.n.n.

MBSA 2.0 offers extended security configuration checks beyond the other Microsoft updating technologies. Furthermore, MBSA 2.0 is designed to be used in conjunction with Microsoft Update (MU), Windows Server Update Services (WSUS) and the SMS Inventory Tool for Microsoft Updates (ITMU) in order to audit and verify the update state of a target machine. MBSA 2.0 offers complete consistency with the other tools since it also utilizes the common Windows Update Agent (WUA) infrastructure. MBSA 1.2.

SMS 2003 Service Pack 1 has an integrated tool to access Windows Update Agent directly for scanning security updates and does not use MBSA 2.0 for scanning. For more information about the Inventory Tool for Microsoft Update and how administrators can use SMS 2003 to deploy security updates, see the SMS 2003 Security Patch Management Web site.

MBSA 2.0 provides support for performing the security updates portion of a scan against the Update Services server that each scanned computer is assigned to as well as performing a standalone scan for customers without an Update Services server. Administrators can select options in the MBSA graphical user interface or in the MBSA command-line interface to ignore or exclusively observe the Update Services approved list of updates.

A complete list of changes can be found in the release notes, and detailed descriptions of the options are included in MBSA Help. Both can be viewed by clicking the Help link in the MBSA navigation bar.

No. Windows Update Agent is an important part of security that enables you to obtain updates from an Update Services server or from Microsoft Update. An earlier version of Windows Update Agent is also built into Windows Server 2003 SP1 and Windows XP SP2. All computers with an Internet connection running Windows 2000 SP3 or later with Automatic Updates configured to run automatically update themselves to the latest version of the agent.

Windows Update Agent is a Windows component. This component provides update management functionality that was introduced in Windows XP SP2. A newer version of this component with remote scanning functionality has been added to Windows Server 2003 SP1 and as a separate installation package for computers on isolated networks.

Yes, this table describes the support for each platform. Some platforms are provided limited support in this version. Windows 2000 SP3 is a minimum requirement, in addition to the availability of Windows products for each processor type. When scanning computers running a Windows XP Embedded edition or an Itanium-based (IA64) computer, the administrator must manually install and configure WUA and Microsoft Update.

MBSA 2.0 uses your Internet Explorer settings to perform the download. Use the Internet Options settings page of Internet Explorer to configure these settings. If your network is configured to support auto detection of proxy servers, select Automatically detect settings. If your network is not configured to support auto detection of proxy servers, select Use a proxy server for your LAN, and then type the name or IP address of the proxy server in the Address box.

The MBSA 2.0 detection engine is now based on the Windows Update Agent, and the logic used when scanning for updates is based on rules defined in the Microsoft Update catalog. The options in previous versions of MBSA to enable or disable certain logic are no longer needed because of the advanced technology being used. Details of these command-line changes are provided in the release notes and MBSA Help. Yes. MBSA 2.

These ratings help you prioritize and manage the risk associated with the security bulletin findings. A link to additional information is provided at the bottom of each MBSA 2.0 report using the Result Details for security update checks. Visit the Microsoft Web site to review the specifics of each rating, and how to apply them in your environment.

Updates for multiple products within the same bulletin will be shown as different product families in the Issue column of the report summary. Each product-specific variation within the bulletin typically includes a different Knowledge Base article number, however in some cases, there could be multiple updates within the same product category.

MBSA 2.0 reports a critical warning in the Operating System Version check indicating that this operating system version is no longer supported. This check is helpful in identifying computers that cannot be scanned for security updates and represent a security threat to the environment as a result. Note that scanning a computer running Windows NT 4.0 is not supported; however, when such a configuration exists within a domain or an IP range, MBSA provides stable behavior.

Starting with MBSA 2.0, reports based on scanned computers running Windows NT 4.0 will receive a critical warning for the Windows Administrative Vulnerability check called Operating System Version. Previous versions of MBSA would provide an informational score for the Windows version, and a recommendation to run Windows 2000 or later.