Using the Microsoft Baseline Security Analyzer

Postby hbuhrmester » 12.02.2018, 14:16

Using the Microsoft Baseline Security Analyzer (MBSA) to search for missing updates

WSUS Offline Update is meant to download and install security updates. It uses two different sources:

  1. Some updates are defined with their complete URLs in the static download files in the wsusoffline/static directory. These are called statically defined updates.
  2. Most updates are extracted from the Microsoft update catalog file wsusscn2.cab. These updates are called dynamic updates.

The file wsusscn2.cab contains security updates only. It does not include any optional updates, except maybe as part of full quality update rollups. But these update rollups also count as security updates. So WSUS Offline Update is expected to download and install security updates only: viewtopic.php?f=7&t=172

Now, after using WSUS Offline Update to install security updates, many users head directly to the Microsoft Update web site to search for more updates, and they surely find some. But these are all optional updates.

So, searching the Microsoft Update web site is not the best way to check the results of WSUS Offline Update. Maybe there are some more optional updates, but this is actually expected.

A better comparison for WSUS Offline Update is the Microsoft Baseline Security Analyzer (MBSA): it can work completely offline, and it uses the same update catalog file wsusscn2.cab as WSUS Offline Update.


Downloads

The Microsoft Baseline Security Analyzer 2.3 can be found at:

https://technet.microsoft.com/en-us/sec ... 84924.aspx
https://technet.microsoft.com/de-de/sec ... 84924.aspx


Installation

After installing the MBSA, you can find a help file in the application directory:

C:\Program Files\Microsoft Baseline Security Analyzer 2\Help\mbsahelp.html


Note the description of the offline mode:

/nd
Do not download any files from the Microsoft Web site when scanning. Use this parameter to prevent the download of Wsusscn2.cab, Muauth.cab, WindowsUpdateAgent30-x86.exe and WindowsUpdateAgent30-x64.exe during the scanning process. When this parameter is selected, MBSA will use any previously downloaded copies of the files. If you want, you can download the files yourself and place them in C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\MBSA\Cache. This parameter applies only to downloads from the Microsoft Web site to the scanning computer. Downloads from the scanning computer to the target computer are automatic and cannot be disabled if the corresponding features are used.


The option /nd is for the command-line tool, but the cache directory is used by the MBSA graphical user interface tool as well.

You should create the cache directory first:

C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\MBSA\Cache


or, on a German Windows XP:

C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Anwendungsdaten\Microsoft\MBSA\Cache


and copy the file wsusscn2.cab from your wsusoffline installation to this directory.


Usage

Start the MBSA and select "Scan a computer"

On the next screen, check the options "Advanced Update Services options - Scan using offline catalog only"

The MBSA still tries to download some files, but this fails if the computer is offline. It just goes on scanning the computer:

After some time, it presents the results: Here, one update for Silverlight on Windows XP is missing, and it also criticizes that Automatic Updates are disabled.

It surely has some details about missing updates:

Once the last missing update is installed, and Automatic Updates are enabled, everything is "green":

hbuhrmester
 
Posts: 329
Joined: 11.10.2013, 21:59
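The preparation steps from the post above (create the cache directory, copy wsusscn2.cab, scan with /nd), as an added PowerShell example that is not part of the original post. It also checks the catalog's Authenticode signature before the file is trusted; the parameter names, the location of mbsacli.exe in the application directory, and resolving the cache path through LocalApplicationData are assumptions.

```powershell
# Added example, not from the original post.
# Assumptions: parameter names; mbsacli.exe sits in the MBSA application
# directory; the per-user cache lives under LocalApplicationData.
param(
    [Parameter(Mandatory = $true)]
    [string]$CatalogSource,   # wsusscn2.cab from your wsusoffline installation
    [string]$MbsaDir = 'C:\Program Files\Microsoft Baseline Security Analyzer 2'
)

$ErrorActionPreference = 'Stop'

# Refuse a catalog that is not validly signed by Microsoft. A tampered or
# truncated wsusscn2.cab would make the scan report a misleading patch state.
function Assert-MicrosoftSigned([string]$Path) {
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature on $Path is '$($sig.Status)', refusing to use it."
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signer on ${Path}: $($sig.SignerCertificate.Subject)"
    }
}

Assert-MicrosoftSigned $CatalogSource

# On Windows XP this resolves to "...\Local Settings\Application Data"
# (localized on a German system), matching the path quoted from the help file.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')
$cacheDir = Join-Path $localAppData 'Microsoft\MBSA\Cache'
if (-not (Test-Path $cacheDir)) {
    New-Item -ItemType Directory -Path $cacheDir | Out-Null
}

# Copy the catalog into the cache, then verify the copy that MBSA will read.
$cached = Join-Path $cacheDir 'wsusscn2.cab'
Copy-Item -Path $CatalogSource -Destination $cached -Force
Assert-MicrosoftSigned $cached

# /nd: do not download anything from the Microsoft web site; use the cache.
& (Join-Path $MbsaDir 'mbsacli.exe') /nd
```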
