August 17, 2004

Microsoft Baseline Security Analyzer V1.2.1 Released

A new version of MBSA was released yesterday to allow users on XPSP2 to take advantage of the tool.

In case you didn't know, MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform. It is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy. MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems.

You can go grab it here. More information can be found here.

Posted by SilverStr at August 17, 2004 01:14 PM | TrackBack
Comments

Yay. I was under the impression this was going to take till the end of the month or later to be released. It's good to know MS was right on top of getting that thrown out the door in a hurry because it's desperately needed. The MBSA should almost be released in parallel to such service packs that need an updated version.

Posted by: Jeremy Brayton at August 18, 2004 12:15 PM

MBSA is unreliable. For example, it fails to find a well-known vulnerability in SQL Server. It also hides many details of what it's checking, not letting administrators see what's actually going on. Leaving admins in the dark when the tool itself is known to be unreliable is a very bad situation. I haven't heard how reliable it is for XP SP2, but many good admins say it doesn't actually save them any time or help make systems any more secure because of all the redundant manual work still required.

Posted by: Matthew Schwartz at August 27, 2004 06:28 AM