Windows-Help.NET Newsletter 24 Jan. 2004, Vol 7 No. 3

In this issue:

w   Microsoft Releases Updated Baseline Security Analyzer
w   Recent Support BBS Postings
w   Web Site Updates
w   Administrivia

Get a FREE Issue of PC Today Magazine!

Microsoft Releases Updated Baseline Security Analyzer

by Arie Slob

Hello Windows users,

Baseline Security Analyzer Microsoft has released an update to its security tool, dubbed the Microsoft Baseline Security Analyzer (MBSA), which allows an individual home or corporate user or an administrator to scan one or more Windows-based computers for common security misconfigurations. Version 1.2 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000 and XP systems and will scan for common security misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0, 5.0, and 6.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003. MBSA also scans for missing security updates for Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL, Exchange, IE, Windows Media Player, MDAC, MSXML, Microsoft VM, Office, Content Management Server, Commerce Server, Host Integration Server, and BizTalk Server.

New in version 1.2:

  • MBSA releases are now available for German, Japanese, and French.
  • Additional Product Support (scanning for security updates):
    • Microsoft Office (local scans only)
    • Exchange Server 2003
    • MDAC 2.5, 2.6, 2.7, and 2.8
    • Microsoft Virtual Machine
    • MSXML 2.5, 2.6, 3.0, and 4.0
    • BizTalk Server 2000, 2002, and 2004
    • Commerce Server 2000 and 2002
    • Content Management Server 2001 and 2002
    • Host Integration Server 2000, 2004, and SNA Server 4.0
  • Additional Configuration Checks:
    • Internet Connection Firewall configuration check
    • Automatic Updates configuration check
    • IE zone configuration checks (custom IE zone interpretation, Internet Explorer Enhanced Security Configuration checks for Windows Server 2003)
    • MBSA tool version check (for new MBSA releases)

System Requirements

The following are requirements for a computer running the tool:

  • Windows 2000, Windows Server 2003, Windows XP
  • Internet Explorer 5.01 and later
  • An XML parser is required (MSXML version 3.0 SP2) for the tool to function correctly. Systems not running IE 5.01 or greater will need to download and install an XML parser to run this tool. MSXML version 3.0 SP2 can be installed during tool setup, otherwise, you can download and install a standalone version of the Microsoft XML parser.
  • The IIS Common Files are required on the computer on which the tool is installed if performing remote scans of IIS computers
  • The Workstation service and Client for Microsoft Networks are turned on

The following are requirements for a computer to be scanned by the tool:

  • Windows NT 4.0 SP4 and later, Windows 2000, Windows XP (local scans only on Windows XP-based computers that use simple file sharing), or Windows Server 2003
  • IE 5.01 or later (to perform Internet Explorer security zones checks)
  • IIS 4.0, 5.0, 5.1 or 6.0 (required for IIS vulnerability checks)
  • SQL 7.0, 2000 (required for SQL vulnerability checks)
  • Microsoft Office 2000, XP, 2003 (required for Office vulnerability checks)
  • The following services must be installed: Server service, Remote Registry service, File and Print Sharing

Users who perform the scan must have local administrative credentials on each computer that they want to scan, regardless whether they perform a local scan or a remote scan. For remote scans, the administrative shares must be enabled on the scanned computer for MBSA to successfully connect and perform the scan.

You must have Internet access to download the file from the Microsoft Download Center. Mssecure.can is used for the security updates scan. If a previous copy of the Mssecure.can file was downloaded during a prior scan, MBSA will try to use the locally cached copy if an Internet connection is not detected.


MBSA is available for download at the Microsoft download [English - 1596 KB] Web site.

To download the French, German or Japanese version, select the desired language on the MBSA download page.

A technical white paper on MBSA is also available at the Microsoft TechNet Web site, while you can find some other information such as command line switches in Microsoft Knowledge Base Article 320454.

Recent Support BBS Postings

Poll: Which Processor is powering your PC?

SFC Question - Windows XP
Determining what Type of Ram is Installed - Hardware
Disabling windows messenger in Outlook Express - IE / OE
Running NetMeeting in XP through router - Networking
Mass downloading updates - Windows XP

Web Site Updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.

Added: New game demo: Bound Around


Updated: Microsoft Releases Updated Baseline Security Analyzer


Windows 2000 Security Hardening Guide

Microsoft published a document providing administrator guidance for how to set up and configure secure Windows 2000 systems in several scenarios. The document is a baseline for other hardening guides published by Microsoft, such as the Microsoft Solutions for Security.

Download Guide [MS Word - 1839 KB]

Recommend This Newsletter!

Do you enjoy reading this Newsletter? Then why not tell your friend(s) about it? We have a handy Web form where you can just enter your name & email address together with your friends name & email address, and we'll send him your recommendation!

Recommend this Newsletter!

Windows Services for UNIX Version 3.5

Windows Services for UNIX 3.5 provides a full range of supported and fully integrated cross-platform network services for enterprise customers to use in integrating Windows into their existing UNIX-based environments.

Available (Requires .NET Passport Sign-in) in English & Japanese.

Slipstreaming Windows XP Service Pack 1a and Create Bootable CD

Slipstreaming a Service Pack is the process to integrate the Service Pack into the installation so that with every new installation the OS and Service Pack are installed at the same time.

Slipstreaming is usually done on network shares on corporate systems. But with the advent of CD burners, it does actually make some sense for the home user or small business user to do the same.

Microsoft added the ability to Slipstream a Service Pack to Windows 2000 and Windows XP. It not only has the advantage that when you (re)install your OS, you'll don't have to apply the Service Pack later, also if you update any Windows component later, you'll be sure that you get the correct installation files if Windows needs any.

Read Full Article

Remove Microsoft Java Virtual Machine and Install Sun Java™

If you want to remove Microsoft's JVM, and install the latest offering from Sun, here's how.

Read Full Article

There are three steps you can take to improve your computer's security

Tell a friend about this Newsletter!

Need Help with Windows? Ask your questions here!

FREE Software!

  Our Web Sites

Rose City Software

Back Issues, unsubscribing etc.

Windows-Help.NET Newsletter Current Issue