
NCIRC Security Tools NIAPC Submission Summary Microsoft Baseline Security Analyzer (MBSA)


Document Reference: Security Tools Internal NIAPC Submission

NIAPC Category: Operating System Security Management


1 Product

Microsoft Baseline Security Analyzer (MBSA) versions 1.2.1 and 2.0.

2 Category

Operating System Security Management.

3 Role

Vulnerability audit and patch reporting.

4 Overview

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that determines the security state of computers running Microsoft operating systems, in accordance with Microsoft security recommendations, and offers specific remediation guidance.

5 Certification

This product has not undergone certification.

6 Company

Microsoft Inc.

7 Country of Origin

USA.

8 Web Link

http://www.microsoft.com/technet/security/tools/mbsahome.mspx.

9 Product Description

MBSA 2.0.1 is compatible with Microsoft Update, Windows Server Update Services and the SMS Inventory Tool for Microsoft Update (ITMU). MBSA 2.0.1 offers customers improved Windows component support, expanded platform support for XP Embedded and 64-bit Windows, and a more consistent and less complex security update management experience.

Any update published on Microsoft Update as a security update, update rollup, or service pack can be scanned using MBSA 2.0. These updates have been defined by Microsoft as follows:


Update rollup—A tested, cumulative set of hot fixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).

Service pack—A tested, cumulative set of all hot fixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.

If you have corporate hotfixes installed on the scanned computer, detection will observe those updates based on file version as determined by Microsoft. Typically files with a newer than expected version would be accepted, unless Microsoft had determined that a higher versioned file was not secure, in which case the update would be offered in the report.

Because clients can be scanned using an online source (Microsoft Update or an assigned Update Services server) in addition to the offline catalogue, the report can include a specific heading called "Catalogue synchronization date". If the offline catalogue was used, the time that catalogue was generated is displayed in the report and can be used to determine if the latest catalogue was used. To check the version of the offline catalogue, follow these procedures:

Step 1: If you do not have the file, download it from http://go.microsoft.com/fwlink/?LinkId=76054 and save it to C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab (default location).

Step 2: Open C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab using any program able to view an archive file type of *.cab.

Step 3: Open package.cab from the wsusscn2.cab file, and then the package.xml file inside it.

Step 4: View the OfflineSyncPackage header element for the CreationDate. It should be set to a value such as "2005-06-01T18:42:49Z" (for example). Use the value you find to determine when the file was generated by Microsoft.
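Step 4 can be scripted once package.xml has been extracted as in Step 3. The following is an added example, not part of the original submission or of MBSA: the function names, the 35-day staleness threshold and the namespace URI in the constructed sample are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample: only the header element matters here. The real
# package.xml extracted in Step 3 is far larger; the namespace URI below
# is a placeholder, not the one Microsoft uses.
SAMPLE_PACKAGE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<OfflineSyncPackage xmlns="urn:example:offline-sync"
                    CreationDate="2005-06-01T18:42:49Z">
  <Updates/>
</OfflineSyncPackage>"""


def catalogue_creation_date(xml_stream):
    """Return the OfflineSyncPackage CreationDate as an aware UTC datetime."""
    # A "start" event is delivered as soon as the root element's opening tag
    # has been read, so the body of a very large package.xml is never parsed.
    for _event, elem in ET.iterparse(xml_stream, events=("start",)):
        local_name = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        if local_name != "OfflineSyncPackage":
            raise ValueError(f"unexpected root element: {local_name}")
        raw = elem.get("CreationDate")
        if raw is None:
            raise ValueError("OfflineSyncPackage has no CreationDate attribute")
        # Format taken from the value quoted in Step 4 (UTC, trailing "Z").
        parsed = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc)
    raise ValueError("no root element found")


def catalogue_is_stale(created, now, max_age_days=35):
    """True when the catalogue is older than max_age_days (assumed threshold)."""
    return now - created > timedelta(days=max_age_days)


if __name__ == "__main__":
    # For a real file: open the extracted package.xml in binary mode instead.
    created = catalogue_creation_date(io.BytesIO(SAMPLE_PACKAGE_XML))
    now = datetime.now(timezone.utc)
    print("Catalogue generated:", created.isoformat())
    print("Stale:", catalogue_is_stale(created, now))
```

A scan report built from a stale offline catalogue will not list updates released after the catalogue was generated, so the result of this check belongs next to the report itself.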

10 Product Requirements

Requirements include Remote Registry service, Server service, Workstation service, File and Printer Sharing service, and Automatic Updates service. The wsusscn2.cab file is downloaded from the Microsoft Web site over HTTP based on your Internet Explorer settings. Remote computer scans are performed by using TCP ports 135, 139, and 445. Where a firewall or filtering router separates two networks, TCP ports 135, 139, and 445 and UDP ports 137 and 138 must be open in order for MBSA to connect and authenticate to the remote computer being scanned.

11 Limitations

Installs on Microsoft Windows 2000, Windows XP and Windows Server 2003.

Scanning for administrative vulnerabilities is supported for Microsoft Windows 2000; Windows XP; Windows Server 2003; Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0; Microsoft Internet Explorer 5.01, 5.5, and 6.0 (including Internet Explorer 6.0 for Windows XP SP2 and Internet Explorer 6.0 for Windows Server 2003); Microsoft SQL Server 7.0 and SQL Server 2000; and Microsoft Office 2000, Office XP, and Office 2003.

Scanning for security updates is based on the Microsoft Update catalogue.

However, there are several products supported by MBSA 1.2.1 that will not be immediately available in Microsoft Update so MBSA 2.0 cannot scan for them:


c) Microsoft Content Management Server 2001 and 2002

d) Microsoft Host Integration Server 2000, 2004 and SNA Server 4.0

e) Microsoft Office 2000

12 Evaluation/Review Conclusions/Comments
