2k/NT/XP/2003: Free Microsoft Security Analyzer

Posted February 20, 2004 by AlexTheBeast in Windows security

Microsoft makes available a free network security analyzer. The Microsoft Baseline Security Analyzer (MBSA) will analyze your security configuration. It then generates a report of the problems detected and includes instructions for fixing each one, with links to pertinent information.


The Microsoft Baseline Security Analyzer (MBSA) allows one to check local or remote computers for security issues. It provides the quickest and easiest way to see which of your systems need to be patched or updated.

The package includes a GUI and command line interface.

The information page states that the following products are scanned:

    Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, and Office. MBSA 1.2 will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL Server, IE, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine, Commerce Server, Content Management Server, BizTalk Server, Host Integration Server, and Office.

MBSA can be downloaded from the following link: Microsoft Baseline Security Analyzer

The graphical display is loaded with information. The following is a sample of the text output:

| Report section | Category | Score | Issue | Result |
| --- | --- | --- | --- | --- |
| Security updates | Vulnerabilities | Check failed (critical) | Windows Security Updates | 3 security updates are missing or could not be confirmed. |
| Security updates | Vulnerabilities | Check failed (critical) | MDAC Security Updates | 1 critical security updates are missing. |
| Security updates | Vulnerabilities | Check failed (critical) | Office Security Updates | 9 security updates are missing. |
| Security updates | Vulnerabilities | Check failed (non-critical) | MSXML Security Updates | 1 security updates are out-of-date. |
| Security updates | Vulnerabilities | Check passed | Windows Media Player Security Updates | No critical security updates are missing. |
| Security updates | Vulnerabilities | Check passed | Microsoft VM Security Updates | No critical security updates are missing. |
| Windows Scan Results | Vulnerabilities | Check failed (critical) | File System | Not all hard drives are using the NTFS file system. |
| Windows Scan Results | Vulnerabilities | Check failed (non-critical) | Automatic Updates | The Automatic Updates feature is disabled on this computer. |
| Windows Scan Results | Vulnerabilities | Best practice | Internet Connection Firewall | Internet Connection Firewall is disabled on all network connections. |
| Windows Scan Results | Vulnerabilities | Check passed | Local Account Password Test | No user accounts have simple passwords. |
| Windows Scan Results | Vulnerabilities | Check passed | Guest Account | The Guest account is not disabled on this computer. |
| Windows Scan Results | Vulnerabilities | Check passed | Restrict Anonymous | Computer is properly restricting anonymous access. |
| Windows Scan Results | Vulnerabilities | Check passed | Administrators | No more than 2 Administrators were found on this computer. |
| Windows Scan Results | Vulnerabilities | Check not performed | Password Expiration | Check is skipped on Windows XP Home Edition computers. |
| Windows Scan Results | Vulnerabilities | Check not performed | Autologon | Check is skipped on Windows XP Home Edition computers. |
| Windows Scan Results | Additional System Information | Additional information | Windows Version | Computer is running Windows 2000 or greater. |
| Windows Scan Results | Additional System Information | Best practice | Auditing | Check is skipped on Windows XP Home Edition computers. |
| Windows Scan Results | Additional System Information | Additional information | Shares | 13 share(s) are present on your computer. |
| Windows Scan Results | Additional System Information | Best practice | Services | No potentially unnecessary services were found. |
| Internet Information Services (IIS) Scan Results | Additional System Information | Best practice | IIS Status | IIS is not running on this computer. |
| SQL Server Scan Results | Product Status | Best practice | SQL Server/MSDE Status | SQL Server and/or MSDE is not installed on this computer. |
| Desktop Application Scan Results | Vulnerabilities | Check failed (critical) | IE Zones | Internet Explorer zones do not have secure settings for some users. |
| Desktop Application Scan Results | Vulnerabilities | Check passed | Macro Security | 4 Microsoft Office product(s) are installed. No issues were found. |
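
An added example, not part of the original post and not Microsoft's code, that triages report rows like those in the sample output above: it locates the category and score phrases in each row, then lists failed checks critical-first, followed by the checks MBSA skipped. The function names, the score ranking and the fixed category list are assumptions of this example, drawn only from the phrases visible in the sample.

```python
import re

# Score phrases from the sample report, most urgent first (ranking is this example's assumption).
SCORES = ["Check failed (critical)", "Check failed (non-critical)", "Best practice",
          "Check not performed", "Additional information", "Check passed"]
CATEGORIES = ["Vulnerabilities", "Additional System Information", "Product Status"]

def _alt(words):
    return "|".join(map(re.escape, words))

ROW = re.compile(r"^(?P<section>.+?) (?P<category>%s) (?P<score>%s) (?P<issue>.+)$"
                 % (_alt(CATEGORIES), _alt(SCORES)))

# Rows copied from the sample output in the post.
SAMPLE = """\
Security updates Vulnerabilities Check failed (non-critical) MSXML Security Updates 1 security updates are out-of-date.
Security updates Vulnerabilities Check passed Windows Media Player Security Updates No critical security updates are missing.
Windows Scan Results Vulnerabilities Check failed (critical) File System Not all hard drives are using the NTFS file system.
Windows Scan Results Vulnerabilities Check not performed Autologon Check is skipped on Windows XP Home Edition computers.
Windows Scan Results Additional System Information Additional information Shares 13 share(s) are present on your computer.
Desktop Application Scan Results Vulnerabilities Check failed (critical) IE Zones Internet Explorer zones do not have secure settings for some users.
"""

def parse_report(text):
    """Return a dict per recognised row; tabs, pipes and runs of spaces all count as separators."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(re.sub(r"[\s|]+", " ", line).strip())
        if m:
            rows.append(m.groupdict())
    return rows

def triage(rows):
    """Failed checks only, critical first; sorted() is stable, so report order is kept within a score."""
    failed = [r for r in rows if r["score"].startswith("Check failed")]
    return sorted(failed, key=lambda r: SCORES.index(r["score"]))

def unverified(rows):
    """Checks MBSA skipped: these are not passes and need a manual look."""
    return [r for r in rows if r["score"] == "Check not performed"]

if __name__ == "__main__":
    rows = parse_report(SAMPLE)
    for r in triage(rows) + unverified(rows):
        print(f'{r["score"]:<28}{r["section"]}: {r["issue"]}')
```

The issue name and its result text stay together in `issue`, because nothing in a space-separated row marks where one ends and the other begins.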
