Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Monday, November 3, 2008

Microsoft Baseline Security Analyzer

Source
In the year 2002 Microsoft released the Microsoft Baseline Security Analyzer (MBSA), to analyse Windows 2000/XP operation systems for potential security issues, e.g. Hotfixes not installed. This short guide will take you though configuring stand-alone PCs to use this tool.

Networking components
MBSA requires several Services installed & activate in order to ensure it can operate correctly. To account for any Windows 2000 differences please see information in brackets. To ensure these Services are available click on Start, (Settings) Control Panel, Network Connections (Network & Dial-up connections) & right click on your Internet connection & select Properties. Finally select the Networking

Ensure that, as shown above, that Internet Protocol (TCP/IP) (Protocol), File & Printer Sharing for Microsoft Networks (Service) & Client for Microsoft Networks (Client) are installed. If any of these are not installed then select the Install button & select the Client/Service/Protocol & select the respective component to be installed.
After installation you can Tick the component to enable it’s use, should you require it. Unticking the component will disable it. The most important thing to note here is that by merely installing the component it will add the required Service(s) for MBSA, disabling the components use will not affect it’s functionality, e.g. In my case I disabled File & Printer Sharing for Microsoft Networks & Client for Microsoft Networks as I do not require nor wish to run them.
Click Ok once you have made all the changes necessary here & reboot your PC (Or at least disconnect & reconnect to the Internet).

Services
Now click on Start, (Settings) Control Panel, Administrative Tools & select Services.

Whenever you intend to run MBSA load this utility, right click on & select Start for the following Services: Server & Workstation - You may find it more convenient to set these to Automatic instead, to do so right click on the respective Service & select Properties then the General tab & change the Startup type accordingly.

The Remote Registry service may also be required for some systems, though most likely not on stand-alone PCs (At least not on mine).
For more detailed information on adjusting Windows 2000/XP Services be sure to check out the Windows 2000 & Windows XP Services Guides. This can also aid you in better securing your system.

---------------------------------

Nueva versión para usuarios avanzados del archivo de examen sin conexión de Windows Update, Wsusscn2.cab
Más información El archivo Wsusscan.cab ha crecido con cada nueva publicación de seguridad. Ahora, el número de archivos está llegando al número máximo que se puede incluir en un único archivo CAB. Microsoft está actualizando el formato interno del archivo CAB para resolver este problema.
Todos los productos, herramientas y soluciones que utilicen el archivo Wsusscan.cab deben actualizarse antes de marzo de 2007 para utilizar el nuevo archivo de examen sin conexión. El archivo CAB existente seguirá actualizándose y publicándose hasta marzo de 2007. Sin embargo, Microsoft reducirá el tamaño del archivo CAB existente quitando parte del contenido de las actualizaciones de seguridad. Para obtener más información, haga clic en el número de artículo siguiente para verlo en Microsoft Knowledge Base:924513
Cambios en el archivo WSUSScan.cab Hay disponibles nuevas versiones del software siguiente. Estas nuevas versiones utilizan el nuevo archivo Wsusscn2.cab.
System Management Server Inventory Tool for Microsoft Updates (SMS ITMU) visite el siguiente sitio web
Microsoft Baseline Security Analyzer (MBSA) visite el
siguiente sitio web
Agente de Windows Update para Microsoft Windows XP, Windows 2000 y Windows Server 2003 (todas las arquitecturas de procesadores compatibles)

Source
MBSA 2.0.1 is now available

Can I use MBSA 2.0.1 with Windows Vista?
Validly licensed Windows Vista users may install and use Version 2.0.1 of MBSA according to its License Terms even though Windows Vista is not expressly listed in the License Terms as a supported operating system. Be advised that Microsoft does not support running MBSA 2.0.1 on Windows Vista and it is not supported to conduct Vulnerability Assessment checks against computers running Windows Vista. In addition, there are currently some limitations in conducting remote security update scans against Windows Vista machines. See http://support.microsoft.com/kb/931943/ for more details. MBSA 2.1 Beta will be coming soon and will include full Windows Vista support.

What is MBSA 2.0.1?
MBSA 2.0.1 is an update to MBSA 2.0 to enable compatibility with the new Windows Update (WU) offline scan file. (For information on the new scan file, see http://support.microsoft.com/kb/926464.) This fix enables MBSA to download and read the new file format.
In order to run offline scans, MBSA 2.0 must have the scan file on the scanning machine. MBSA 2.0 automatically downloads this file if the scanning machine has Internet access. If not, the file must be downloaded and installed manually. MBSA 2.0.1 behaves in the same manner, except that it uses the new scan file.

What do users need to do?
If you use MBSA in the offline mode, you will need to download the new version of MBSA. See the Download Now section below.
You will also need to download the new offline scan file, wsusscn2.cab, by clicking http://go.microsoft.com/fwlink/?LinkId=76054. Save this file to C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab

What if I don’t download MBSA 2.0.1?
If you only run MBSA 2.0 in the online mode, where all target machines have direct connection to the Internet to access the Microsoft Update site or are assigned to an internal WSUS Server, then you do not need to do anything
If you use MBSA 2.0 in the offline mode, it will no longer work after March 2007. The ouliated wsusscan.cab catalog used by MBSA has reached its effective end-of-life and has been replaced by the newer wsusscn2.cab catalog used by MBSA 2.0.1 and MBSA 2.1. (For more information on which updates have been removed from the ouliated offline scan file, see http://support.microsoft.com/kb/924513/

Will I notice a difference when I run MBSA 2.0.1?
The first time MBSA 2.0.1 is executed against a given set of machines, it will first push out and install the updated Windows Update Agent. This will increase the scan time beyond what would normally be expected. Subsequent scans will execute as normal.
Note: Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.0.1.

MBSA 2.0
Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Used by many leading third party security vendors including Tivoli, Patchlink and Citadel, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.

MBSA 2.0 needed for Update Services compatibility: Users of Windows Server Update Services should update their MBSA to version 2.0 for compatibility.

Features found in MBSA 2.0:

  • Severity Ratings
  • Locally and remotely scan for Office XP or later security updates
  • Added guidance for locating updates and necessary actions
  • CVE-IDs for supported updates
  • Improved help content
  • Windows Server Update Services compatibility
  • Automatic Microsoft Update registration and agent update
  • Support for detection of updates on 64bit Windows and Windows XP Embedded
Download Now
The following versions of MBSA are available for download:
Detailed Information
Please refer to the MBSA 2.0 datasheet for more information about MBSA 2.0, including new improvements, features, and system requirements.

No comments: