Microsoft Baseline Security Analyzer

INLS 187
Security Software Presentation

by Hinár György Polczer

http://www.microsoft.com

Outline

• What is MBSA?
• How to get it?
• Installation
• Features
• How to use it?
• Evaluation
• Additional Resources
• Links

What is MBSA?

• Microsoft Baseline Security Analyzer is a tool to make Windows-based systems and server applications more secure.
• MBSA points out known flaws which are not fixed on the tested system
• Shows ways to patch security holes
• Explains correct security guidelines
• New version v1.2.1 is needed for SP2

How to get it?

• Easiest to find it with a search on Microsoft’s download center: http://www.microsoft.com/downloads/
• The exact address to the MBSA page: http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-e258-4625-b0a3-64a4879f7798&DisplayLang=en

Installation

• Installation Demonstration

Features

• MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform.
• It is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy.
• MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems.
• MBSA scans for common system security misconfigurations

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Features

MBSA runs on Windows 2000, Windows XP and Windows Server 2003 systems and will scan Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, MS Office

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Features

MBSA checks:
• OS: account status, file system type, available file shares, members of the Administrators group, critical security patches
• IIS: sample applications and certain virtual directories present on the machine, whether the IIS Lockdown tool has been run on the machine
• SQL: type of authentication mode, sa account password status and SQL service account memberships

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

MBSA Scans:
• Internet Explorer 5.01+ zone settings for each local user account and macro settings for Office 2000, Office XP, and Office System 2003.

Supports:
• Software Update Services (SUS)
• Systems Management Server (SMS)

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

Scanning Computer(s):
• Single computer check: local or remote
• Multiple computers:
– all computers in a domain (by domain name)
– specific range of IP addresses
– scan all of the Windows-based machines found within the range
– up to 10,000 machines
• These scans require Administrator access!

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

Types of Scans:
• MBSA-Style Scan: An MBSA-style scan will scan and store results in an individual XML file to then be viewed in the MBSA UI (GUI-interface)
• HFNetChk-Style Scan: An HFNetChk-style scan will check for missing security updates only and will display scan results as text in the command line window

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

• Previous security reports are saved in XML format and can be reviewed later
• Items Checked for Vulnerabilities: Administrators Group Membership, Auditing, Auto Logon, Automatic Updates, Unnecessary Services, File System, Guest Account, Internet Connection Firewall, Account Passwords and Policies, Anonymous User, Shares…

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

• MBSA checks for installed Security Updates by
– system file versions
– registry settings
• Sometimes does not recognize installed updates

For more information read Microsoft MBSA White Paper
Sample Scripts are also available

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
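
The slide above names two kinds of evidence for an installed update: file versions and registry settings. The sketch below is an added example, not MBSA code and not one of the sample scripts; it models a check that reports disagreement between the two instead of guessing. The update ID, file name, registry marker and version numbers are constructed, and host state is a plain dictionary rather than a live Windows system.

```python
# Added illustration: an update check that weighs two kinds of evidence,
# a file version and a registry marker. All names and values below are
# constructed; this is not MBSA's detection code.

def parse_version(text):
    """Turn a dotted file version ('5.10.0.0') into a tuple of four ints."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 4 or any(p < 0 for p in parts):
        raise ValueError("not a file version: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))  # pad so '5.1' == '5.1.0.0'

def check_update(rule, host):
    """Classify one update on one host: installed, missing or review."""
    marker = rule["registry_marker"] in host["registry"]
    found = host["files"].get(rule["file"])
    # Compare as integer tuples: as strings, '5.9.0.0' sorts above '5.10.0.0'.
    file_ok = (found is not None
               and parse_version(found) >= parse_version(rule["min_version"]))
    if marker and file_ok:
        return "installed"
    if not marker and not file_ok:
        return "missing"
    # The two sources disagree: report it instead of picking one side.
    return "review"

RULE = {  # constructed rule for a hypothetical update
    "id": "UPD-0001",
    "file": "example.dll",
    "min_version": "5.10.0.0",
    "registry_marker": r"SOFTWARE\Example\Updates\UPD-0001",
}
MARK = RULE["registry_marker"]

HOSTS = {  # constructed host inventories
    "patched": {"files": {"example.dll": "5.10.0.0"}, "registry": {MARK}},
    "unpatched": {"files": {"example.dll": "5.9.0.0"}, "registry": set()},
    "rolled_back": {"files": {"example.dll": "5.9.0.0"}, "registry": {MARK}},
    "no_marker": {"files": {"example.dll": "5.10.1.0"}, "registry": set()},
}

def audit(rule, hosts):
    """Run the check against every host and return {host: verdict}."""
    return {name: check_update(rule, state) for name, state in hosts.items()}

if __name__ == "__main__":
    for name, verdict in audit(RULE, HOSTS).items():
        print(name, verdict)
```
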

How to use it?

MBSA Demonstration

Evaluation

• MBSA is a tool created for Microsoft Systems specifically
• Cannot be used as widely as other tools
• Presents a security snapshot of the system with the expectations of a Microsoft security expert
• Allows a safe scan of multiple Windows systems

Additional Resources

• The Microsoft Security Home Page is a good resource for Microsoft product security: http://www.microsoft.com/security/default.mspx
• Windows 2000 & NT 4.0 Tool: Baseline Urlscan
• Internet Information Services (IIS) Lockdown Tool 2.1

Questions

• Please ask if you have any questions, and I will try to answer them!
• Thank you for your attention!

Links

• http://www.microsoft.com/downloads/
• http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-e258-4625-b0a3-64a4879f7798&DisplayLang=en
• http://www.microsoft.com/technet/security/tools/mbsawp.mspx
• http://www.microsoft.com/security/default.mspx
• http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=42661e18-93c2-4ce2-85d6-3679defe1a3e&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-a5da-4203-a3a8-83f4388bb71f&DisplayLang=en
