Why you should check out Microsoft’s latest patch tool

In this newsletter last spring, I urged you to download the Microsoft Baseline Security Analyzer, which I described as a tool to find things that are “on” that should be turned off, things that are “off” that should be turned on and ports that should be closed (or open) and aren’t. Lots of you did download it and use it successfully. Now it’s time to upgrade.

Just last week, as part of a reorganization of its patch management tools, Microsoft released Version 1.2 of MBSA (see link below). According to the story my colleague, John Fontana, posted to Network World Fusion (link below), the latest version extends both the operating systems and the applications that MBSA supports while adding new localized versions.

The additional components and servers supported in MBSA 1.2 include BizTalk Server 2000, 2002, and 2004; Commerce Server 2000 and 2002; Content Management Server 2001 and 2002; Host Integration Server 2000 and 2004; SNA Server 4.0; Microsoft Virtual Machine; and Microsoft XML (an XML processing engine that works with Internet Explorer) 2.5, 2.6, 3.0, 4.0. The new software also supports Microsoft Data Access Component 2.5, 2.6, 2.7, and 2.8, which should avoid a repeat of the problems users recently had installing Microsoft patch MS04-003, when users were not told they needed to update their operating systems before applying this patch (see the full story at https://www.nwfusion.com/news/2004/0116mspatch.html).

In addition, MBSA 1.2 performs configuration checks on the Internet Connection Firewall, the various Automatic Update engines, Internet Explorer zones and even for MBSA itself.

Version 1.2 also ships with localized language support in French, German and Japanese.

A lot of the technology used is based on research and development done by Shavlik Technologies for its own HFNetChkPro AdminSuite products (some of whose technology is licensed to Microsoft) and there are other, more complete, more efficient and easier to use products on the market. But, with the exception of Shavlik’s own free version of HFNetChkPro, all the others cost way more than Microsoft’s MBSA, which is free for the download. Free, as in “it don’t cost you anything.”

There’s a lot more to MBSA than I can fit in the space allowed here, but browse over to https://www.microsoft.com/technet/security/tools/mbsaqa.asp (the FAQ site for the product) and most of your questions should be answered. Bottom line, though – download this as soon as you can so you can run it and discover what needs to be opened, closed, turned on, turned off, download and installed.