The MBSA Console

MBSA is used to analyze one or more computers for vulnerabilities. MBSA scans for two categories of vulnerabilities: weak security configurations and missing security updates. This section focuses on using MBSA to scan for updates that should have been installed but have not been.

After installing MBSA, you can use it to scan all computers on your network or domain for which you have administrator access. To scan all computers on a specific subnet using your current user credentials, follow these steps:

  1. Start MBSA by clicking Start, pointing to All Programs, and then clicking Microsoft Baseline Security Analyzer.
  2. On the Welcome To The Microsoft Baseline Security Analyzer page, click Scan Multiple Computers.
  3. On the Which Computers Do You Want To Scan? page, type the domain or workgroup name or the IP address range you want to scan. To speed up the scanning process, clear all check boxes except for Check For Security Updates. If you have a WSUS server on your network, you can further speed up the process by selecting the Advanced Update Services Options check box and the Scan Using Assigned Update Services Servers Only option to prevent unmanaged computers from being scanned.
  4. Click Start Scan. While MBSA performs the scan, it will keep you updated on the progress.
  5. After the scan is completed, the View Security Report page appears, listing the computers that were scanned.

Note: If you do not have sufficient credentials on a computer, MBSA will display the IP address of the computer with the following message: User Is Not An Administrator On The Scanned Machine.

Missing security updates are marked by a red X, and missing service packs or update rollups are marked with a yellow X. A green check mark denotes a scan that was completed successfully with no missing updates found. Scan reports are stored on the computer from which you ran MBSA in the %UserProfile%\SecurityScans folder. An individual security report is created for each computer that is scanned.

During the scanning process, MBSA uses NetBIOS over Transmission Control Protocol/Internet Protocol (TCP/IP) and Common Internet File System (CIFS) protocols to connect to computers, which requires TCP ports 135, 139, and 445 and User Datagram Protocol (UDP) ports 137 and 139. If a firewall blocks these ports between you and the target computers or if the computers have Internet Connection Firewall enabled and these ports have not been opened, you will not be able to scan the computers.
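
A pre-scan check for the firewall requirement described above, added here as an example (it is not part of the original text or of MBSA): it attempts a TCP connection to ports 135, 139, and 445 on each target and reports which ones are blocked. The function names and the 192.0.2.x addresses are constructed for illustration; the UDP ports are not tested because a connection attempt cannot confirm them.

```powershell
# Added example: pre-flight check of the TCP ports MBSA needs on each target.
# Uses only .NET 2.0 APIs, so it runs on the PowerShell 2.0 that ships with Windows 7.
$MbsaTcpPorts = 135, 139, 445

function Test-TcpPort {
    # Hypothetical helper: returns $true if a TCP connection succeeds within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false           # timed out: port filtered or host down
        }
        $client.EndConnect($async)  # throws if the connection was refused
        return $true
    } catch {
        return $false               # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

function Test-MbsaReachability {
    # Hypothetical helper: emits one result object per target computer.
    param([string[]]$ComputerName, [int[]]$Port = $MbsaTcpPorts, [int]$TimeoutMs = 1000)
    foreach ($target in $ComputerName) {
        $blocked = @($Port | Where-Object { -not (Test-TcpPort $target $_ $TimeoutMs) })
        New-Object PSObject -Property @{
            ComputerName = $target
            BlockedTcp   = ($blocked -join ',')
            TcpReachable = ($blocked.Count -eq 0)
        }
    }
}

# Constructed sample targets; replace with hosts from the range you plan to scan.
Test-MbsaReachability -ComputerName '192.0.2.10', '192.0.2.11' |
    Select-Object ComputerName, TcpReachable, BlockedTcp |
    Format-Table -AutoSize
```

A target that shows TcpReachable as False will not be scanned until the listed ports are opened; a True result only confirms the ports, not that your account is an administrator on that computer.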

At the beginning of the scan, MBSA must retrieve an updated MBSA detection catalog (Wsusscan.cab) that provides information about updates and security vulnerabilities. By default, this file is retrieved from the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=39043 and includes every current update available from Microsoft. If the computer is configured as a WSUS client, it will retrieve the file from your WSUS server instead.
