Tuesday, December 9, 2008

Microsoft Baseline Security Analyzer (MBSA)

Microsoft is beginning to release useful security oriented tools. Microsoft Baseline Security Analyzer (MBSA) checks Windows NT 4 SP4 and up, Windows 2000, and Windows XP for common security vulnerabilities. MBSA can be installed on Windows 2000 and Windows XP. MBSA currently performs five checks:

Hotfix checks : scans for missing hotfixes for Windows NT 4, Windows 2000, all system services, SQL 7.0, SQL 2000, and IE 5.01 and later.

Password checks : checks for blank and weak passwords.

Vulnerability checks : scans for security issues and common configuration mistakes in Windows
operating systems (NT4, 2000, and XP).

IIS checks : scans for security issues in IIS 4.0 and 5.0.

SQL vulnerability checks : scans for security issues in SQL 7.0 and 2000.

The tool can be run in GUI mode ( mbsa.exe ) or more usefully for automated periodic checks, in command line mode (mbsacli.exe).

No comments: