Microsoft Baseline Security Analyzer 2.0

[TwistedMetal]

Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Used by many leading third party security vendors including Tivoli, Patchlink and Citadel, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.

 

Link: Microsoft Baseline Security Analyzer 2.0

[rridgely]

TwistedMetal did you actually download this? If you did what did it tell you about your security status?

[TwistedMetal]

Computer name: MSHOME\KEVPC

IP address: 192.168.0.2

Security report name: MSHOME - KEVPC (7-4-2005 9-30 PM)

Scan date: 7/4/2005 9:30 PM

Scanned with MBSA version: 2.0.5029.2

Security update catalog: Microsoft Update

Catalog synchronization date:

Security assessment: Potential Risk

 

Security Updates Scan Results

 

Issue: Office Security Updates

Score: Check passed

Result: No security updates are missing.

 

Current Update Compliance

 

| MS05-005 | Installed | Security Update for Office XP (KB873352) | Critical |

| MS05-006 | Installed | Security Update for SharePoint Team Services (KB890829) | Critical |

| MS04-027 | Installed | Security Update for Office XP: WordPerfect 5.x Converter (KB873379) | Important |

| MS05-023 | Installed | Security Update for Word 2002 (KB887978) | Critical |

| 832671 | Installed | Office XP Service Pack 3 | |

 

Issue: Windows Security Updates

Score: Check passed

Result: No security updates are missing.

 

Current Update Compliance

 

| 867460 | Installed | Microsoft .NET Framework 1.1 Service Pack 1 | |

| MS04-043 | Installed | Security Update for Windows XP (KB873339) | Important |

| MS04-041 | Installed | Security Update for Windows XP (KB885836) | Important |

| MS05-001 | Installed | Security Update for Windows XP (KB890175) | Critical |

| MS05-004 | Installed | Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903) | Critical |

| MS05-007 | Installed | Security Update for Windows XP (KB888302) | Important |

| MS05-009 | Installed | Security Update for Windows Messenger (KB887472) | Moderate |

| MS05-013 | Installed | Security Update for Windows XP (KB891781) | Important |

| MS05-015 | Installed | Security Update for Windows XP (KB888113) | Important |

| MS05-012 | Installed | Security Update for Windows XP (KB873333) | Important |

| MS05-016 | Installed | Security Update for Windows XP (KB893086) | Important |

| MS05-018 | Installed | Security Update for Windows XP (KB890859) | Important |

| MS04-044 | Installed | Security Update for Windows XP (KB885835) | Important |

| MS05-011 | Installed | Security Update for Windows XP (KB885250) | Critical |

| MS05-026 | Installed | Security Update for Windows XP (KB896358) | Critical |

| MS05-032 | Installed | Security Update for Windows XP (KB890046) | Moderate |

| MS05-027 | Installed | Security Update for Windows XP (KB896422) | Critical |

| MS05-033 | Installed | Security Update for Windows XP (KB896428) | Moderate |

| MS05-025 | Installed | Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 (KB883939) | Important |

| MS05-019 | Installed | Security Update for Windows XP (KB893066) | Critical |

| 890830 | Installed | Windows Malicious Software Removal Tool - June 2005 (KB890830) | |

 

 

Operating System Scan Results

 

Administrative Vulnerabilities

 

Issue: Local Account Password Test

Score: Check passed

Result: No user accounts have simple passwords.

 

Detail:

| User | Weak Password | Locked Out | Disabled |

| HelpAssistant | - | - | Disabled |

| SUPPORT_388945a0 | - | - | Disabled |

| ASPNET | - | - | - |

| Administrator | - | - | - |

| Guest | - | - | - |

| TwistedMetal | - | - | - |

Issue: File System

Score: Check passed

Result: All hard drives (1) are using the NTFS file system.

 

Detail:

| Drive Letter | File System |

| C: | NTFS |

Issue: Password Expiration

Score: Check not performed

Result: This check was skipped because the computer is not joined to a domain.

 

Issue: Guest Account

Score: Check passed

Result: The Guest account is not disabled on this computer.

 

Issue: Autologon

Score: Check not performed

Result: This check was skipped because the computer is not joined to a domain.

 

Issue: Restrict Anonymous

Score: Check passed

Result: Computer is properly restricting anonymous access.

 

Issue: Administrators

Score: Check passed

Result: No more than 2 Administrators were found on this computer.

 

Detail:

| User |

| Administrator |

| TwistedMetal |

Issue: Windows Firewall

Score: Best practice

Result: Windows Firewall is disabled and has exceptions configured.

 

Detail:

| Connection Name | Firewall | Exceptions |

| 1394 Connection | Off* | Programs*, Services* |

| All Connections | Off | Programs, Services |

| Linksys Network | Off* | Programs*, Services* |

Issue: Automatic Updates

Score: Check failed (non-critical)

Result: The Automatic Updates feature is disabled on this computer.

 

Issue: Incomplete Updates

Score: Best practice

Result: No incomplete software update installations were found.

 

Additional System Information

 

Issue: Windows Version

Score: Best practice

Result: Computer is running Windows 2000 or greater.

 

Issue: Auditing

Score: Best practice

Result: This check was skipped because the computer is not joined to a domain.

 

Issue: Shares

Score: Best practice

Result: 5 share(s) are present on your computer.

 

Detail:

| Share | Directory | Share ACL | Directory ACL |

| Printer | Adobe PDF,LocalsplOnly | Print Queue Share | Directory ACL can not be read. |

| ADMIN$ | C:\WINDOWS | Admin Share | BUILTIN\Users - RX, BUILTIN\Power Users - RWXD, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F |

| C$ | C:\ | Admin Share | BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F, BUILTIN\Users - RX, Everyone - RX |

| SharedDocs | C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS | Everyone - F | NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Power Users - RWXD, BUILTIN\Users - RX, Everyone - RWXD |

| print$ | C:\WINDOWS\system32\spool\drivers | Everyone - R, Administrators - F, Power Users - F | Everyone - RX, BUILTIN\Users - RX, BUILTIN\Power Users - RWXD, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F |

Issue: Services

Score: Best practice

Result: Some potentially unnecessary services are installed.

 

Detail:

| Service | State |

| Telnet | Stopped |

 

Internet Information Services (IIS) Scan Results

IIS is not running on this computer.

 

SQL Server Scan Results

SQL Server and/or MSDE is not installed on this computer.

 

Desktop Application Scan Results

 

Administrative Vulnerabilities

 

Issue: IE Zones

Score: Check passed

Result: Internet Explorer zones have secure settings for all users.

 

Issue: Macro Security

Score: Check passed

Result: 4 Microsoft Office product(s) are installed. No issues were found.

 

Detail:

| Issue | User | Advice |

| Microsoft Excel 2002 | All Users | No security issues were found. |

| Microsoft Outlook 2002 | All Users | No security issues were found. |

| Microsoft PowerPoint 2002 | All Users | No security issues were found. |

| Microsoft Word 2002 | All Users | No security issues were found. |

[Andavari]

I tried it out and it was interesting. The only thing peculiar is when it gave recommendations of fixing SQL Server settings which aren't even accessable on my system due to the fact I don't have a way to edit the settings as suggested in MBSA. I don't know if SQL Server has to be installed individually or not. The only SQL related item I have is listed in services.msc as SQLAgent$MICROSOFTBCM.

[LEEnoble]

I've been using Microsoft Baseline Security Analyzer v1.2.1 for a few months now, good stuff.

[ybouan]

I tried it out and it was interesting. The only thing peculiar is when it gave recommendations of fixing SQL Server settings which aren't even accessable on my system due to the fact I don't have a way to edit the settings as suggested in MBSA. I don't know if SQL Server has to be installed individually or not. The only SQL related item I have is listed in services.msc as SQLAgent$MICROSOFTBCM.

 

<{POST_SNAPBACK}>

 

 

 

sounds like you are running an MSDE version.

This is basicaly one that is bundled with some software you are using

[Andavari]

sounds like you are running an MSDE version.

This is basicaly one that is bundled with some software you are using

<{POST_SNAPBACK}>

Thanks! That clears that up.

 

Edit: Yup you're right, it comes from Microsoft Outlook with Business Contact Manager from the Office 2003 installation. Funny thing is I've never even opened it once.

[Guest pedro319]

Hi

I am using Microsoft Baseline Security Analyzer v1.2.1 .

I went and checked out the new version (MBSA) 2.0.

There are 4different downloads.

MBSASetup-DE.msi

1262 KB

 

MBSASetup-EN.msi

1250 KB

 

MBSASetup-FR.msi

1271 KB

 

MBSASetup-JA.msi

1419 KB

I do not know if or what ones to download.

I am using windowsXP Home Service Pack 2 all the latest Microsoft updates.

Only using 1 computer.

 

This shows how little i know but i have been trying to learn

Thanks for any help.

Cheers

[rridgely]

pedro the differeances are the languages

 

En=english

Fr=French

Ja=Japanese

 

Download from here and it will be easier

http://www.microsoft.com/technet/security/...a2/default.mspx

[Guest pedro319]

Hi and thanks rridgely

 

Shows how silly i am

 

I shall go and download it now

 

Cheers pedro

[thedon57]

Hi and thanks rridgely

 

Shows how silly i am 

 

I shall go and download it now

 

Cheers pedro

 

<{POST_SNAPBACK}>

 

 

hi thanks guys forgot about baseline just downloaded it and ran but lucky all ok.

[abhijitk]

Hi TwistedMetal,

 

I had a question on the MBSA 2.0...in the results.txt file (which is essentially a log file generated after the MBSA scan) what are the usual risk levels? I scanned a few machines and received the following output in results.txt -

 

1. Potential Risk

2. Severe Risk

 

Are there any more risk types observed? (Like for e.g. Critical Risk?)

 

Any feedback on this from our members is highly appreciated.

 

Thanks!

[abhijitk]

Hi All,

 

I need some help on MBSA 2.0. I installed the tool on my machine, but due to some reason, even if MBSA is installed in C:\Program Files, it is not downloading the catalog files in C:\Documents and Settings\akulkarn\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache. This is happening on one of the test boxes I have, and I googled to find the solution to this problem, but no luck. I always get the error 'The catalog file is corrupt' when I perfrom MBSA scan on this test box. This box is loaded with the latest XP version, and I checked the Internet settings to verify that it is not offline (this could prevent the catalog files to be downloaded by the update agent).

 

I have somehow managed to reach the conclusion that due to soem reason, the catalog files are not downloading properly when I install MBSA 2.0 on this computer. This is happening in spite of repeated uninstalls and installs.

 

Could someone help me out?

 

Thanks!

 

abhijit

 

 

 

Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Used by many leading third party security vendors including Tivoli, Patchlink and Citadel, MBSA on average scans over 3 million computers each week. Join the thousands of users that depend on MBSA for analyzing their security state.

 

Link: Microsoft Baseline Security Analyzer 2.0

 

<{POST_SNAPBACK}>

 

 

[Andavari]

I have somehow managed to reach the conclusion that due to soem reason, the catalog files are not downloading properly when I install MBSA 2.0 on this computer. This is happening in spite of repeated uninstalls and installs.

 

<{POST_SNAPBACK}>

 

 

Do you have some sort of firewall alert, etc. Perhaps MBSA needs a firewall allow rule created for Internet access. Also using filtering software in the proxy settings of Internet Explorer can foul up some software when they want to download something.