A very powerful free Microsoft tool to scan for vulnerabilities and missing updates on a Microsoft system that you have administrative access to! MBSA is not a penetration tool and is not a scanner like some other tools that can launch an attack. Think of it as a reporting tool for administrators.
Where to find MBSA? Search the Microsoft website or simply Google it! If you want some spoon feeding, then this is the link to the Microsoft Baseline Security Analyzer version 2.1.1 (for IT Professionals).
Firewall considerations: If you have a physical firewall between the computer to scan and the scanning computer, you have to open the following ports on this firewall:
- TCP 135 (RPC Remote Procedure Call Endpoint Mapper)
- TCP 139 (NETBIOS Session Service)
- TCP 445 (Server Message Block SMB, also known as microsoft-ds)
- UDP 137 (NETBIOS Name Service)
- UDP 138 (NETBIOS Datagram Service)
- A port for the COM+, say TCP 1240. This port has to be opened on the firewall and changed on the target server itself! The easiest way is to throw this command in the Command Line:
NEVER COPY AND PASTE ANYTHING FROM A WEBSITE TO THE COMMAND LINE. CHARACTERS MAY LOOK IDENTICAL BUT THEY ARE NOT!
reg add "HKLM\Software\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}" /v Endpoints /t REG_MULTI_SZ /d ncacn_ip_tcp,0,1240 /f
When the scan is finished, you can delete the Endpoints registry value:
reg delete "HKLM\Software\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}" /v Endpoints /f
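A pre-scan check for the firewall and COM+ settings above, as an added example that is not part of the original post: run it from the scanning computer after the reg add and before the scan. The host name server01.example.test is a placeholder, and reading the Endpoints value back assumes the target's registry is remotely readable with your account.

```powershell
# Added example: pre-scan check, run from the scanning computer.
# $Target is a hypothetical host name; 1240 is the sample COM+ port from the text.
param(
    [string]$Target = 'server01.example.test',
    [int]$ComPort = 1240
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# TCP ports from the list above. UDP 137/138 are connectionless, so a connect
# test cannot confirm them; verify those in the firewall rule set instead.
$tcpPorts = @(
    @{ Port = 135;      Use = 'RPC Endpoint Mapper' },
    @{ Port = 139;      Use = 'NetBIOS Session Service' },
    @{ Port = 445;      Use = 'SMB (microsoft-ds)' },
    @{ Port = $ComPort; Use = 'COM+ static endpoint' }
)
foreach ($p in $tcpPorts) {
    # "no connection" means filtered by the firewall or nothing listening yet.
    $state = if (Test-TcpPort -ComputerName $Target -Port $p.Port) { 'open' } else { 'no connection' }
    '{0,-6} {1,-26} {2}' -f $p.Port, $p.Use, $state
}

# Read back the Endpoints value written by "reg add" and compare it with the
# port opened on the firewall, so the two settings cannot drift apart.
$appId    = 'SOFTWARE\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}'
$expected = "ncacn_ip_tcp,0,$ComPort"
try {
    $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Target)
    $key   = $hklm.OpenSubKey($appId)
    $found = if ($key) { @($key.GetValue('Endpoints')) } else { @() }
    if ($found -contains $expected) { "Endpoints OK: $expected" }
    else { "Endpoints mismatch: found '$($found -join ';')', expected '$expected'" }
    $hklm.Close()
} catch {
    "Could not read remote registry on ${Target}: $($_.Exception.Message)"
}
```

Running the same script after the reg delete should report a mismatch, which confirms the temporary endpoint setting was actually removed.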
The damn CAB file is downloaded into each user’s profile! Why is that? And why didn’t Microsoft include a Browse button to point to a recently downloaded CAB instead of copying it to the user’s profile or edit the shortcut to the MBSA and let it point to the CAB file! Jeeeee
In Vista and up, the file is located here
%UserProfile%\AppData\Local\Microsoft\MBSA2.1.1\Cache
In 2003, XP, and down the file is located here
%UserProfile%\Local Settings\Application Data\Microsoft\MBSA2.1.1\