Security Initiatives
Updated: July 1, 2005
Microsoft continues to execute on our commitment to help make customers more secure. Our goal is to help customers reduce the risk associated with malicious attacks, as well as to reduce the cost and complexity of managing security threats.
Microsoft Baseline Security Analyzer (MBSA) 1.2.1 is evidence of our commitment to continued investment in customer security.
MBSA 1.2.1 incorporates improvements based upon feedback we have heard from customers using our earlier tools. It supports more Microsoft products, checks for key security configurations such as Windows Firewall and Automatic Update settings, and is now available in localized versions.
This datasheet details the enhanced features and requirements for MBSA 1.2.1.
What is MBSA?
MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform. Designed for the IT professional, the tool helps with the assessment phase of an overall security management strategy. This phase includes examining where an environment might be most vulnerable. MBSA helps with this phase in two ways:
By scanning for missing security updates:
Windows Operating Systems
Microsoft Internet Information Server
Microsoft Exchange Server
Microsoft SQL Server
Microsoft Office
Microsoft Internet Explorer
By scanning for common configuration vulnerabilities:
Is Windows Firewall enabled?
Are Automatic Updates enabled?
Are strong passwords enforced?
Are unnecessary services running?
Are unsecured Guest accounts enabled?
MBSA 1.2.1 Highlights
MBSA 1.2.1 offers:
Support for Windows XP Service Pack 2 security enhancements.
Clear guidance for locating updates and necessary actions.
Easier prioritization of results through summary counts for each score.
The following features in MBSA are available and covered in full detail in the MBSA white paper.
Alternate File Version Support (allows multiple sets of file details to be checked in security updates scan)
Additional Configuration Checks:
Internet Connection Firewall configuration check
Automatic Updates configuration check
Internet Explorer zone configuration checks (custom Internet Explorer zone interpretation, Internet Explorer Enhanced Security Configuration checks for Windows Server 2003)
MBSA tool version check (for new MBSA releases)
Features List
Command-line and Graphical User Interface (GUI) options
Scan local computer, remote computer, or groups of computers
Scan against Microsoft's maintained list of updates (on Microsoft.com) or local server running Software Update Services 1.0
Scan for common security configuration vulnerabilities
Scan for missing security updates
View reports in MBSA Graphical User Interface or Command Line Interface
Compatibility with SMS 2.0 and 2003 Software Update Services Feature Pack
Support for single processor and multiprocessor configurations
Localized to English, French, German, and Japanese, although MBSA 1.2.1 can scan a machine of any locale
Products Supported
Checks for common security configuration vulnerabilities for:
Windows 2000, XP, 2003
IIS 4.0, 5.0, 6.0
SQL 7.0, 2000
IE 5.01, 6.0 (5.5 is not supported)
Office 2000, XP, 2003
Checks for security updates for:
Windows 2000, XP, 2003
IIS 4.0, 5.0, 6.0
SQL 7.0, 2000 (includes MSDE)
IE 5.01, 6.0 (5.5 is not supported)
Exchange 5.5, 2000, 2003
Windows Media Player 6.4+ (10.x is not supported)
Office 2000, XP, 2003
MSXML 2.5, 2.6, 3.0, 4.0
MDAC 2.5, 2.6, 2.7, 2.8
Microsoft Virtual Machine (VM)
Commerce Server 2000, 2002
Content Management Server 2001, 2002
BizTalk 2000, 2002, 2004
Host Integration Server 2000, 2004 (also SNA Server 4.0)
System Requirements
Windows Server 2003, Windows 2000 or Windows XP
IE 5.01+
XML parser (MSXML version 3.0 with the latest service pack)
IIS Common Files (required on local computer when scanning remote IIS computers)
Firewall ports
Port 80 (HTTP) needed to download latest update file
TCP 139, 445 needed to scan remote computers
User must be running as local Administrator
Required Services
Scanning local computer
Workstation service
Server service
Remote scanning computer running MBSA
Workstation service
Client for MS Networks
Remote computer being scanned
Server service
Remote registry service
File & Print Sharing