[unisog] microsoft baseline security analyzer

Allen Chang allen at rescomp.berkeley.edu
Fri May 16 21:56:55 GMT 2003

I believe MBSA is an updated version of Hfnetchk. There is a command line
option and the GUI version allows you to scan entire IP ranges. It also
scans for IIS and SQL configuration vulnerabilities.

"MBSA uses the HFNetChk tool technology to scan for missing security
updates and service packs for Windows, IE, IIS, SQL, Exchange, and Windows
Media Player. MBSA will create and store individual XML security reports
for each computer scanned and will display the reports in the graphical
user interface in HTML."

"Q: Does MBSA V1.1 replace HFNetChk?

A: MBSA V1.1 fully exposes all HFNetChk V3.81 switches through the MBSA
command line interface (mbsacli.exe). Microsoft will be removing HFNetChk
as a standalone offering since MBSA V1.1 can now be used to perform both
MBSA-style scans as well as HFNetChk-style scans. "

Allen Chang
Network Security Coordinator
Residential Computing
UC Berkeley

On Fri, 16 May 2003, Anderson, Kelly wrote:

> Hi Nick,
> MBSA is a useful tool, but you will want to use Shavlik's Hfnetchk
> program to get the best picture of your patching needs - it simply does
> a better job than MBSA in identifying patches needed.  Plus, you can
> script it to scan multiple machines.  We're using it as the "ultimate"
> authority on patching.
> Have fun!
> -Kelly
> ***********************************************
> Kelly J. Anderson, MCSE
> Windows 2000 Infrastructure
> University of Michigan
> http://www.umich.edu/~lannos/win2000
> ***********************************************
> United for Peace and Justice
> http://www.unitedforpeace.org
> ***********************************************
> -----Original Message-----
> From: nick nelson [mailto:snelson at valdosta.edu]
> Sent: Thursday, May 15, 2003 7:20 PM
> To: unisog at sans.org
> Subject: [unisog] microsoft baseline security analyzer
> 'lo folks..
> I've recently been (as of today) assigned the job of running microsoft
> baseline security analyizer on our network of 4000 or so windows PCs and
> securing the ones that come up as critical risks, or however they word
> it.
> I've ran the test (it's running tonight, overnight). There was about 700
> PCs identified as severe risks when I left, so it's obviously going to
> be quite the task.
> Does anyone have any recommendations on what the team can do to make
> this easier? Obviously a lot of these will be windows updates needing
> done, is there any way to do remote windows updates? Also, does anyone
> have any kind of documents/websites/templates they give to users (mostly
> faculty) helping them secure their windows 2000/xp machiens, ie, picking
> a good password, not having open shares, running windows updates, etc.
> etc.
> Any help would be appreciated, I'm not exactly a microsoft fan, nor
> guru, so this should be interesting :)
> cheers,
> nick
> --
> nick at arpa.com            |     arpa.com :: the mainstream runs shallow
> snelson at valdosta.edu     |     Office of Information Technology
> A: Top posters
> Q: What's the most annoying thing about email these days?

More information about the unisog mailing list