MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB). Version 2.0 retained the hard-coded VA checks, but replaced the Shavlik security assessment engine with Microsoft Update technologies which adds dynamic support for all Microsoft products supported by Microsoft Update. MBSA 1.2.1 was localized into English, German, French and Japanese versions and supported security assessment for any locale. Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool. Versions 1.2.1 and below run on NT4, Windows 2000, Windows XP, and Windows Server 2003, provide support for IIS versions 5 through 6, SQL Server, Internet Explorer 5.01 and 6.0 only, and Microsoft Office 2000 through 2003. 2 How MBSA differs from Microsoft Update.An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.
The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. Security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3. Microsoft Baseline Security Analyzer ( MBSA) is a discontinued software tool which is no longer available from Microsoft that determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings. Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000
0 kommentar(er)
