MBSA: Microsoft Baseline Security Analyzer
By: Adrenaline (adrenaline@hackutah.org)
This article first appeared over at our affiliate site 2600-SLC. The original article can be found here
The MBSA: Another Microsoft Certification?
Simply put: no. Hopefully, after reading or hearing this talk, you will gain some interest in the
MBSA tool and want to learn more about it. When I mentioned this tool in the #ut2600 channel it got
some attention, so I figured I'd give a talk on it. For those of you wondering what it is, it is a
security analyzer tool, developed by Microsoft, that scans for "misconfigurations" (e.g. the new
net admin who created a network share and forgot that the default permissions are Full Control)
within NT4, Win2k, Win XP, IIS 4 & 5, SQL Server 7 & 2000, IE 5.01 and above, and Office 2000 and
2002. It also scans for missing security updates in WinNT4, Win2k, WinXP, IIS 4 & 5, SQL Server 7 &
2000, IE 5.01 and above, Exchange 5.5 & 2000, and Windows Media Player 6.4 and later. Not only that,
it can also scan for low or misconfigured security zone settings in IE and Outlook, look for weak or
blank passwords on the machine, check whether the Guest account is open, count the administrative
accounts on the computer, and report what type of file system the drives are using.
So How Does It Work?
Upon loading the GUI utility (MBSA.exe), you'll notice the interface doesn't get much simpler: you
pick whether you want to scan one host or multiple hosts, then decide whether to scan your local
machine or a remote machine. When scanning, you can choose whether to run the scan by computer name,
by IP address, or over a specified range of IP addresses. You can also choose the name of the
finished report.
After choosing your host to scan, you get options on what type of vulnerability you want to scan for:
+Checking For Windows Vulnerabilities,
+Checking For Weak Passwords,
+Checking For IIS Vulnerabilities,
+Checking For SQL Vulnerabilities,
+Checking For Missing/Installed Hotfixes.
Once you've selected what you want to scan, just hit "Start Scan", and you can then scan your
machine or remote hosts to your heart's content. Before the scan it tries to download an updated
XML file from Microsoft, which it uses to check for the latest security updates and fixes. Once the
scan is complete, it shows you the diagnosis of the scanned host, starting with the most serious
security issues first. Once you're done reviewing the results, you have the option of sending the
report to your printer or copying the results to the clipboard.
The MBSA tool also comes with a command-line version, which is similar to the hfnetchk utility,
but instead of just checking for missing or installed hotfixes, it also scans for everything else
that the GUI version of the MBSA scans for.
Compatibility & Support
Compatible with SUS 1.0: it can be run against the list of approved security updates on a local
SUS server, rather than the XML file that is usually downloaded.
Compatible with SMS 2.0: it can be integrated with SMS 2.0 to carry out automated and ongoing
scans of client computers on a large network. The data is then reported back to SMS and included
with the regular SMS reporting information.
Compatible with, and can be run against, Windows Server 2003, but this is not fully supported yet.
Possible Security Issues?
Still under debate between some people, but simply put, yes, it can be.
After the MBSA analyzes the host for vulnerabilities, it places the results in a simple XML
file, located in %userprofile%\SecurityScans. The XML report is written in plain text and could
be used by others to find the machine's vulnerabilities. So, possibly, a person could write an
executable, script, ActiveX control, Java applet, or some other type of active content that
exploits vulnerabilities based on the results of those XML files.
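The exposure described above comes down to who can read the report files. The following is an added example, not code from the original article or from MBSA: a PowerShell check that lists which report files under the default %USERPROFILE%\SecurityScans folder are readable by broad groups, and then restricts the exposed ones. The report folder and the list of "broad" principals are assumptions.

```powershell
# Added example, not from the original article: audit which MBSA report files
# are readable by broad groups, since the plain-text XML under
# %USERPROFILE%\SecurityScans lists a machine's findings. The default report
# folder and the list of "broad" principals below are assumptions.

function Test-MbsaReportExposure {
    param(
        [string]$ReportDir = (Join-Path $env:USERPROFILE 'SecurityScans'),
        # Identities that should never be able to read a vulnerability report
        [string[]]$BroadPrincipals = @('Everyone',
                                       'BUILTIN\Users',
                                       'NT AUTHORITY\Authenticated Users')
    )

    if (-not (Test-Path -Path $ReportDir)) {
        Write-Warning "No MBSA report directory at $ReportDir"
        return
    }

    Get-ChildItem -Path $ReportDir -Filter '*.xml' -File | ForEach-Object {
        $file = $_
        $acl  = Get-Acl -Path $file.FullName
        # Only Allow entries that carry the ReadData bit for a broad principal
        # count; generic rights that do not map to ReadData are not matched.
        $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
        $exposed = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band ([int]$readData)) -ne 0 -and
            $BroadPrincipals -contains $_.IdentityReference.Value
        })
        [pscustomobject]@{
            Report    = $file.FullName
            Owner     = $acl.Owner
            Exposed   = ($exposed.Count -gt 0)
            ExposedTo = (($exposed | ForEach-Object { $_.IdentityReference.Value } |
                          Sort-Object -Unique) -join ', ')
        }
    }
}

# Usage: show every report, then restrict the exposed ones to the current
# user and local Administrators (drop inherited ACEs, replace explicit grants).
$results = Test-MbsaReportExposure
$results | Format-Table -AutoSize
foreach ($r in ($results | Where-Object Exposed)) {
    icacls $r.Report /inheritance:r /grant:r "$($env:USERNAME):(R)" 'Administrators:(F)'
}
```

Point -ReportDir at any other location reports have been copied to (a share, a helpdesk folder) to run the same check there.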
Closing
So, in closing out my talk, I hope you've learned something about the MBSA tool, and hopefully you
will want to go out and start playing with it, testing it out yourself, and learning more about it.
Sources:
http://www.securiteam.com/windowsntfocus/5KP0Q1P6US.html
http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp