Microsoft Baseline Security Analyzer v2.1 Beta 2

The latest release of the MBSA utility adds support for Windows Vista for the first time. The tool analyzes the security configuration of the computers you run it against (it can run against many computers on your network at the same time) and suggests actions to reduce security vulnerabilities. The checks available include:

Check for Windows administrative vulnerabilities
Check for weak passwords
Check for IIS administrative vulnerabilities
Check for SQL administrative vulnerabilities
Check for security updates
Configure computers for Microsoft Update and scanning prerequisites
Advanced Update Services options:
Scan using assigned Update Services servers only
Scan using Microsoft Update only

As an example, here’s the report the tools produced when run against my laptop while I was writing this post. I’m running Windows XP Professional and Office 2003 on a computer that is not a member of a domain. As you can see, I installed the latest Patch Tuesday group of updates but hadn’t yet rebooted when I ran the MSBA scan.

Security assessment: Incomplete Scan
Computer name: blanked
IP address: blanked
Security report name: blanked (11-05-2007 6-04 PM)
Scan date: 11/05/2007 6:04 PM
Scanned with MBSA version: 2.1.2030.0
Catalog synchronization date:

Security Updates Scan Results

Issue: Security Updates
Score: Unable to scan
Result: Computer has an older version of the client and security database demands a newer version.

Operating System Scan Results

Administrative Vulnerabilities

Issue: Local Account Password Test
Score: Check passed
Result: No user accounts have simple passwords.

Detail:
| User | Weak Password | Locked Out | Disabled |
| ASPNET | - | - | Disabled |
| Guest | - | - | Disabled |
| HelpAssistant | - | - | Disabled |
| SUPPORT_388945a0 | - | - | Disabled |
| Administrator | - | - | - |
| Marc Erickson | - | - | - |
Issue: File System
Score: Check passed
Result: All hard drives (1) are using the NTFS file system.

Detail:
| Drive Letter | File System |
| C: | NTFS |
Issue: Password Expiration
Score: Check not performed
Result: This check was skipped because the computer is not joined to a domain.

Issue: Guest Account
Score: Check passed
Result: The Guest account is disabled on this computer.

Issue: Autologon
Score: Check not performed
Result: This check was skipped because the computer is not joined to a domain.

Issue: Restrict Anonymous
Score: Check passed
Result: Computer is properly restricting anonymous access.

Issue: Administrators
Score: Check passed
Result: No more than 2 Administrators were found on this computer.

Detail:
| User |
| Administrator |
| Marc Erickson |
Issue: Windows Firewall
Score: Best practice
Result: Windows Firewall is disabled and has exceptions configured.

Detail:
| Connection Name | Firewall | Exceptions |
| 1394 Connection | Off* | Programs* |
| All Connections | Off | Programs |
| Earthlink | Off* | Programs* |
| Hamachi | Off* | Programs* |
| Local Area Connection | Off* | Programs* |
| Wireless Network Connection | Off* | Programs* |
Issue: Automatic Updates
Score: Check passed
Result: Updates are automatically downloaded and installed on this computer.

Issue: Incomplete Updates
Score: Check failed (non-critical)
Result: A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted.

Additional System Information

Issue: Windows Version
Score: Best practice
Result: Computer is running Windows 2000 or greater.

Issue: Auditing
Score: Best practice
Result: This check was skipped because the computer is not joined to a domain.

Issue: Shares
Score: Best practice
Result: 2 share(s) are present on your computer.

Detail:
| Share | Directory | Share ACL | Directory ACL |
| ADMIN$ | C:\WINDOWS | Admin Share | BUILTIN\Users - RX, BUILTIN\Power Users - RWXD, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F |
| C$ | C:\ | Admin Share | BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F, BUILTIN\Users - RX, Everyone - RX |
Issue: Services
Score: Best practice
Result: Some potentially unnecessary services are installed.

Detail:
| Service | State |
| Telnet | Stopped |

Internet Information Services (IIS) Scan Results
IIS is not running on this computer.

SQL Server Scan Results
SQL Server and/or MSDE is not installed on this computer.

Desktop Application Scan Results

Administrative Vulnerabilities

Issue: IE Zones
Score: Check passed
Result: Internet Explorer zones have secure settings for all users.

Issue: Macro Security
Score: Check passed
Result: 4 Microsoft Office product(s) are installed. No issues were found.

Detail:
| Issue | User | Advice |
| Microsoft Office Excel 2003 | All Users | No security issues were found. |
| Microsoft Office Outlook 2003 | All Users | No security issues were found. |
| Microsoft Office PowerPoint 2003 | All Users | No security issues were found. |
| Microsoft Office Word 2003 | All Users | No security issues were found. |

The download is available here and the homepage for the MBSA tool is here. A 64 bit version is here.[tags]Microsoft, Windows, Vista, XP, 2003, 2000, Service Pack 4, Server[/tags]