A free Microsoft tool is available to test! MBSA (Microsoft Baseline Security Analyzer) is an easy-to-use tool for finding common vulnerabilities and missing security updates on your computer. It can also scan other computers on the network from the single computer on which MBSA is installed.
This tool is recommended by IT Security Auditors & Analysts!
Which operating systems are supported?
Windows XP Home, XP Professional, Windows Vista, Windows 2003, Windows 2008. For Windows XP Embedded and Windows IA64 platforms, MBSA supports remote scanning and does not run locally.
How to download and install?
The latest version of MBSA can be downloaded from the http://www.microsoft.com website (http://technet.microsoft.com/en-us/security/cc184923.aspx). I assure you, the installation is very easy and does not require any steps to be defined here!
How can I scan my computer?
1. After the installation succeeds, open the Microsoft Baseline Security Analyzer 2.1 shortcut on your desktop. On Windows Vista, right-click the shortcut and choose “Run as Administrator”.
2. MBSA opens a screen where you can choose to scan one computer or multiple computers in your network. (The option to scan the local computer is highlighted by an arrow mark.)
3. In the next screen, your local computer name is retrieved automatically for the scan. If you want to scan another computer in your network, edit the computer name field or specify its IP address.
Note: Choose the option highlighted by the red arrow. It installs the latest version of Windows Update Agent (WUA) on the computer. If you don't choose this option, the number of warnings may increase, because your computer may have an older version of WUA.
MBSA also lets you choose which scan checks are run on the computer:
* Check for Windows Administrative Vulnerabilities – Security issues in the Windows operating system, such as Guest account status, file-system type, available file shares, and members of the Administrators group
* Check for Weak Passwords – Checks computers for blank and weak passwords during a scan.
* Check for IIS Administrative Vulnerabilities
* Check for SQL Administrative Vulnerabilities
* Check for Security Updates – Scanning computers for security updates
It is highly recommended to choose all options that apply to the targeted computer. If you are not sure which options apply, choose all 5 options. In that case, the MBSA scan report will simply state that a specific option is not applicable to the targeted computer.
What to do with MBSA scan report?
Now the MBSA scan is completed. Let's check the security status. (I am not discussing all the security results of MBSA here, only the specific results which I think users must be notified about. If you want any clarification, you can post your scan results for further discussion.)
Security Update Scan Results:
Oh!!! A lot of security patches are missing, including security updates and service packs. This needs to be worked on! But MBSA also provides valuable information about exactly which patches are missing and where to download them. That is how it makes your job easy! (Click the Result details option; it shows the detailed patch information, as in the next screen.)
Result details screen of Windows Security Updates:
Windows Scan Results & Additional System Information
Windows Scan Results & Additional System Information are the two results on which I would recommend Home users take corrective action, based on the guidance given with each check. They report:
* Any user accounts with blank or simple passwords
* Auto login option (the option to go straight to the desktop without providing a username and password)
* Guest accounts
* Anonymous accounts
* How many administrators
* Potentially unnecessary services running (some services may be required for your applications; review and take action)
* Any share drives and folders present
* Windows Firewall test.
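
To re-check several of the items above by hand after you fix them, the following added example (not part of MBSA and not from the original post) queries the same settings locally. It assumes Windows PowerShell 2.0 or later run as Administrator; the function name Get-BaselineSpotCheck is hypothetical.

```powershell
# Added example: local spot-checks for items listed in the MBSA Windows scan report.
# Assumes Windows PowerShell 2.0+ (Get-WmiObject) in an elevated prompt.
function Get-BaselineSpotCheck {
    $findings = @()

    # Local accounts: the built-in Guest account is the one whose SID ends in -501.
    $accounts = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
    foreach ($a in $accounts) {
        if ($a.SID -like '*-501' -and -not $a.Disabled) {
            $findings += "Guest account '$($a.Name)' is enabled"
        }
        # PasswordRequired=False means a blank password is permitted, not that one is set.
        if (-not $a.PasswordRequired -and -not $a.Disabled) {
            $findings += "Account '$($a.Name)' is allowed to have a blank password"
        }
    }

    # Auto login: AutoAdminLogon=1 signs a user in without a password prompt.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ((Get-ItemProperty -Path $winlogon).AutoAdminLogon -eq '1') {
        $findings += 'Auto login is enabled'
    }

    # Administrators: resolve the group by its well-known SID so localized names work.
    $grp = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
    $members = @(([ADSI]"WinNT://./$($grp.Name),group").psbase.Invoke('Members') |
        ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
    $findings += "Administrators ($($members.Count)): $($members -join ', ')"

    # Shares: Type 0 is an ordinary disk share (C$, ADMIN$ and IPC$ have other types).
    foreach ($s in (Get-WmiObject Win32_Share -Filter "Type=0")) {
        $findings += "Share '$($s.Name)' exposes $($s.Path)"
    }

    # Windows Firewall state for the active profile (COM API available since XP SP2).
    $fw = (New-Object -ComObject HNetCfg.FwMgr).LocalPolicy.CurrentProfile
    if (-not $fw.FirewallEnabled) {
        $findings += 'Windows Firewall is off for the current profile'
    }

    $findings
}

Get-BaselineSpotCheck
```

Each line of output corresponds to one item to review; it does not test password strength or services, which the MBSA report covers separately.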