Microsoft Baseline Security Analyzer 2.0 Beta Overview.


1 Microsoft Baseline Security Analyzer 2.0 Beta Overview

2 Agenda
This content is subject to change. It is provided "AS IS" with no warranties, and confers no rights.
- Part 1: Roadmap
- Part 2: Feature Review
- Part 3: User Experience
- Part 4: System Requirements
- Part 5: Migration Considerations

3 Security Update Management Today
- Windows Update/Office Update
  - Consumer focused web based solutions
- Software Update Services (SUS) 1.0
  - Intermediary between Windows Update and Automatic Updates (delegated control of updates)
- Microsoft Baseline Security Analyzer (MBSA)
  - Detects security updates for 16 products
  - Detects configuration vulnerabilities for 7 products
- Systems Management Server 2.0 / 2003
  - SUS Feature Pack (using MBSA 1.2 and ODT)
- Enterprise Update Scan Tool (EST)
  - Detects security updates that MBSA does not
  - Compatible with SMS
Disparate sources, limited update detection

4 Security Update Management Tomorrow
- Microsoft Update (MU)
  - “Hosted” version of Update Services
  - Consumer focused web based solution
- Windows Server Update Services (WSUS)
  - Infrastructure for all other updating products and tools
  - Update management solution with targeting for Microsoft platform
- Microsoft Baseline Security Analyzer (MBSA) 2.0
  - Security focused scanning without the need for a server
- Systems Management Server 2003
  - Inventory Tool for Microsoft Update
Consistent results, extending update detection

5 Update Detection / Deployment Today (diagram): Windows Update, Office Update, MSSecure.XML, Download Center, Automatic Updates, ODT, HFNetChk, EST, SMS, MBSA 1.2.1, SUS, Automatic Updates, MOM
Update Detection / Deployment This Summer (diagram): Microsoft Update, Automatic Updates, SMS, MBSA 2.0, Update Services, Windows Update Agent, MOM, Microsoft Update Catalog, Offline Catalog (wsusscan.cab)

6 Vulnerability Assessment Timeline
- MBSA 2.0 (Q2CY05)
  - Uses WSUS infrastructure
    - Eventually detect all Microsoft updates
    - Not limited to named products
  - Consistent with other tools using WSUS
- Next…
  - Uses WSUS infrastructure
  - VA for the Microsoft platform
    - Authoritative
    - Extensible
- Enterprise Scan Tool
  - Detects security updates that MBSA / ODT do not
  - Compatible with SMS
- MBSA / ODT
  - Security update checks
    - Limited to 16 named products
  - Administrative vulnerability checks
    - Limited to 7 named products
    - Checks not extensible
Timeline markers: Aug ‘04, Oct ’04, …

7 MBSA 2.0 Goals
- Converge scanning on WSUS infrastructure by replacing current scan engine with Microsoft Update (MU)
- WSUS server and Internet connection optional
- Cover all security-related updates published to MU
- Consistency in reporting results with all tools that also leverage MU (WSUS, SMS, MOM, MBSA)
- Provide better detail and more actionable results in the report
- Partnering and redistribution

8 Redistribution
- MBSA 2.0 License Agreement to allow redistribution
- Improved ISV / 3rd party integration opportunities
- Microsoft may still change interfaces, schema, etc. at any time

9 Part 2 Feature Review
- Key Terms
- Scanning / Reporting
- Update Detection
- Additional Checks
- How it works

10 Key Terms
- Offline catalog – A copy of the detection catalog from the MU backend for use without a network
- AU – Automatic Updates; allows the desktop user to interact with the updating process
- WUA – Windows Update Agent; provides a published API and infrastructure to AU, MBSA, SMS and other API callers
- COM+ / DCOM – Interface used by the WUA API which provides ‘read only’ scanning from a remote computer and full functionality locally
- Personal firewall – A firewall can protect a computer from remote access of ports and interfaces

11 MBSA 2.0 Scanning
- Flexible scanning sources
  - Microsoft Update site
  - Offline catalog
  - Assigned WSUS server
- Use multiple copies of MBSA 2.0
  - MBSA 1.2.x limited to a single instance
  - Can use MBSA 2.0 side-by-side with MBSA during migration
- Input file of computers / IP addresses to be scanned
- Pass a username and password on the command line for an MBSA-style scan

12 MBSA 2.0 Reporting
- Provide a "not yet approved" score for WSUS server administrators
- Current Update Compliance (history) appears in the report
- ‘Restart Required’ now shown in report
- Now offers XML output for all update scanning
  - MBSA 1.2.x had XML only for MBSA-style scans, not /HF scans
- Elimination of the blue asterisk ‘Note’ message for security updates
- Locate update packages, KB and bulletin directly
- Maximum bulletin severity and 3rd party related IDs

13 MBSA 2.0 Update Detection
- Security updates (today)
  - Windows 2000 SP3 and later
  - IIS 5.0 and later
  - SQL Server 2000 / MSDE and later
  - IE 5.01 SP3 and later
  - Exchange 2000, 2003 and later
  - Windows Media Player 6.4 and later
  - Office XP, 2003 and later
  - MSXML 2.5, 2.6, 3.0, 4.0
  - MDAC 2.5, 2.6, 2.7, 2.8
  - Microsoft Virtual Machine (JVM)
- New platforms
  - Remote only, updates only
    - XP Embedded
    - IA64
  - Updates only
    - X64
- Not immediately available
  - SQL and Exchange service packs
  - Office 2000 updates
  - Commerce Server
  - Content Mgt Server
  - BizTalk
  - Host Integration Server
- Added security updates
  - DirectX
  - .NET Framework
  - Windows Messenger
  - FrontPage Server Extensions
  - Windows Media Player 10
  - Windows Script 5.1, 5.5, 5.6
  - Windows Server 2003, 64-Bit Edition
  - Windows XP 64-Bit Edition
  - Windows XP Embedded Edition

14 Update Detection International Considerations
- MU and offline catalog contain all languages
- Regardless of client language, any report created by a given console will be in the language of that console
- Viewing a report in a different language console may cause the report to have text in both languages
- If localized update not synchronized to the WUS server, a WSUS-only scan will result in default strings regardless of client or console locale
  - Should be rare

15 MBSA 2.0 Additional Checks
- Incomplete Updates
  - Updates packaged using update.exe v6.1 (and later) provide a registry key to indicate pending reboot
  - MBSA will check this key and offer a non-critical warning
  - Help topic for the check has details
- Operating System Version
  - Changed to report a critical warning (Red X) when scanning Windows NT due to the end of support for that Windows version

16 MBSA 2.0 How It Works
- Default Behavior
- MBSA 2.0 Process Animation
  - Agent Deployment
  - Scanning
- Superseded Updates

17 MBSA 2.0 Default Scan Options
MBSA Scan (GUI and CLI) Use Same Options
- Run all checks, local computer
- Attempt to install WUA if needed
- Attempt to use WSUS server (if assigned)
- Attempt to configure / use MU
  - Use offline CAB if MU site not available
- Saved report will warn if MSI not present
- Informational grade for unapproved WSUS updates (if WSUS server assigned to client)
- Show a detailed report immediately after a single computer scan

18 Agent Deployment
1. Run MBSA on Admin system, specify targets
2. Verify latest CAB and compare agent version in CAB to WUA version
3. If low version go to #4, else scan normally (verify MU config)
4. Download agent components
5. Push agent, (register MU), then retry API
Diagram labels: MBSA Console, Microsoft Update, WindowsUpdateAgent20-X64.exe, WindowsUpdateAgent20-X86.exe, Target Computer, WSUSSCAN.CAB

19 MBSA 2.0 Scanning
1. Run MBSA on Admin system, specify targets
2. Verify latest CAB ready
3. Try the WSUS server by default (if assigned)
4. Try the MU site (by default)
5. If MU not available push CAB to client
6. Use API with CAB file
7. If WSUS results & MU results, merge them
8. Use Info score for WSUS unapproved items
Diagram labels: MBSA Console, Microsoft Update, WSUSSCAN.CAB, MU site, WSUS, Target Computer

20 Superseded Updates
- Typical replacement relationship:
- If only previous update is installed:
- If a later update is not WSUS approved:
- If previous and replacement updates installed:

21 Part 3 User Experience
- Command Line Interface (CLI)
  - New options
  - Changed options
- Graphical User Interface (GUI)
  - Scanning Options
  - Error Message Handling
  - Report Details

22 New Options In MBSA 2.0
- /qt – Do not display the report output automatically after a single computer scan
- /nd – Do not download files from the Web site when scanning
- /nai – Do not attempt to install a newer version of WUA if one is required for scanning
- /nm – Do not configure clients to use the Microsoft Update site when scanning
- /wi – Ignore the WSUS configuration of the client computer

23 Options Changed In MBSA 2.0
- /wa replaces the /sus option
- /catalog replaces the /x option
- /xmlout replaces the /hf option
- /target replaces the /i, /c and /h options
- /listfile replaces the /fh and /fip options
- /ld replaces the /v option

24 MBSA 2.0 Scanning Options Page
Use the GUI options to control WUA updating and Microsoft Update service registration. Scanning with and without the Update Services approved update list can be controlled.

25 Error Message Handling
- Many error messages made easily actionable
- ‘How to correct this’ link in report
  - Opens new guidance in main help file
- Main help and FAQ work in conjunction with error messages
- Web site FAQ topic enhanced over time

26 Report Details (non-compliance)
Notice the CVE data, severity, and download icon. Restart required, the new informational score, as well as KB links are now provided.

27 Report Details (compliance)
Reports now list the most current updates that are installed and not yet replaced by newer updates

28 Part 4 System Requirements
- Windows Update Agent
- System Requirements

29 Windows Update Agent
- What is it?
  - Replacement update scanning engine for MBSA 2.0 and Automatic Updates, SMS, etc.
  - Detection logic is now data-driven / extensible (and for Microsoft products only)
  - Uses an offline catalog as well as an online site for scanning
  - Future enhancements to the WUA engine allow MBSA 2.0 to “self-update” when needed
- AU / WUA self-update
  - Needs Internet connection or WSUS server
  - Needs AU switched on in control panel and AU service running

30 MBSA 2.0 System Requirements
Required services
- Computer being scanned locally
  - Workstation and Server service
  - Windows Installer 3.1 (for security update scans)
  - Windows Update Agent
- Computer that performs remote scans
  - Workstation service
  - Client for Microsoft Networks
  - Windows Update Agent
- Computer being remotely scanned
  - Server service
  - Remote registry service
  - File and Print Sharing
  - Windows Installer 3.1 (for security update scans)
  - Windows Update Agent

31 Requirements
- Internet Explorer 5.01 SP3 or above
- Windows 2000 SP3 and later
- XML parser (MSXML version 3.0 w/ latest SP)
- IIS Common Files (required on local machine when scanning remote IIS computers)
- Firewall ports
  - Port 80 (HTTP)
    - Outbound from scanning computer
    - Needed to download WSUSSCAN.CAB file
  - TCP 139, 445
    - Inbound to scanned computers
    - Needed to scan remote computers
  - DCOM (port 135) + new optionally configured port
- User must be running as local Administrator for scanning

32 Part 5 Migration Considerations
- Command Line Parity
- Concurrent scanning
- Scanning without full install
- Catalog version
- DCOM ports on Windows Firewall
- SQL multi-instance
- Reason messages

33 MBSA Version CLI Option Parity
MBSA 1.2.x -> MBSA 2.0
- /hf /h or /hf /i -> /target
- /c or /i -> /target
- /hf /x -> /catalog
- /hf -> /xmlout or /n *
- /sus -> /wa
- /hf /fip -> /listfile
- /hf /fh -> /listfile
- /v -> /ld
* = OS+IIS+SQL+Password

34 Concurrent Scanning
- Can run multiple instances of MBSA 2.0 at the same time
- Do not scan the same target computer from more than one scanning computer
  - Same limitation exists in MBSA 1.2.1
  - Password checks may collide
- MBSA 2.0 will ensure password checks happen safely if same target attempted by multiple instances on same scanning computer

35 Scanning Without Full Install
- MBSA 1.2.x /HF mode scanning was popular
  - Single file (mbsacli.exe)
- Use /xmlout switch for MBSA 2.0
  - Only needs WUA, mbsacli.exe and wusscan.dll (no COM registration)
  - Sends XML stream to console (stdout)
  - Local computer only
  - Other switches are limited in this mode
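The option renames from the "Options Changed In MBSA 2.0" and "CLI Option Parity" slides, applied to legacy mbsacli argument lists, as an added PowerShell example that is not part of the presentation or of MBSA. The function name `Convert-MbsaLegacyArgs`, the sample command lines, the acceptance of `-opt` as well as `/opt`, and the reading of the `/n *` footnote as `/n OS+IIS+SQL+Password` for remote `/hf` scans are assumptions; option values are carried over unchanged and need checking against the MBSA 2.0 help.

```powershell
# Added example (not Microsoft code): rewrite MBSA 1.2.x mbsacli options to the
# MBSA 2.0 options named on the slides, and flag what needs manual review.

# Legacy option -> MBSA 2.0 replacement, exactly as listed on the slides.
$OptionMap = @{
    '/sus' = '/wa'
    '/x'   = '/catalog'
    '/i'   = '/target'
    '/c'   = '/target'
    '/h'   = '/target'
    '/fh'  = '/listfile'
    '/fip' = '/listfile'
    '/v'   = '/ld'
}
# Options that name other computers; the slides say /xmlout is local computer only.
$RemoteOptions = '/target', '/listfile'

function Convert-MbsaLegacyArgs {
    param([Parameter(Mandatory)][string[]]$LegacyArgs)

    $converted = New-Object System.Collections.Generic.List[string]
    $notes     = New-Object System.Collections.Generic.List[string]
    $hfMode    = $false

    foreach ($arg in $LegacyArgs) {
        # Assumption: legacy scripts may write an option as -opt or /opt.
        if ($arg -match '^[-/]([A-Za-z]+)$') {
            $opt = '/' + $Matches[1].ToLowerInvariant()
            if ($opt -eq '/hf') { $hfMode = $true; continue }
            if ($OptionMap.ContainsKey($opt)) {
                $converted.Add($OptionMap[$opt])
            } else {
                $converted.Add($opt)
                $notes.Add("No mapping on the slides for $opt; kept as written.")
            }
        } else {
            # Option value (host, IP, file name): carried over unchanged.
            $converted.Add($arg)
        }
    }

    if ($hfMode) {
        $remote = $converted | Where-Object { $RemoteOptions -contains $_ }
        if ($remote) {
            # /xmlout cannot scan other computers, so use the parity table's
            # "/n *" alternative, where * = OS+IIS+SQL+Password (assumed syntax).
            $converted.Add('/n')
            $converted.Add('OS+IIS+SQL+Password')
            $notes.Add('/hf with remote targets: used /n OS+IIS+SQL+Password because /xmlout is local computer only.')
        } else {
            if ($converted.Count -gt 0) {
                $notes.Add('Other switches are limited in /xmlout mode; review the remaining options.')
            }
            $converted.Insert(0, '/xmlout')
            $notes.Add('/hf on the local computer: /xmlout sends an XML stream to stdout.')
        }
    }

    [pscustomobject]@{
        Arguments = $converted.ToArray()
        Notes     = $notes.ToArray()
    }
}

# Constructed sample argument lists (not taken from the presentation).
$samples = @(
    ,@('/hf')
    ,@('/hf', '-fip', 'ips.txt')
    ,@('/hf', '-x', 'C:\mbsa\wsusscan.cab')
    ,@('/c', 'CORP\WS01')
)
foreach ($s in $samples) {
    $r = Convert-MbsaLegacyArgs -LegacyArgs $s
    'mbsacli {0}   =>   mbsacli {1}' -f ($s -join ' '), ($r.Arguments -join ' ')
    $r.Notes | ForEach-Object { "    note: $_" }
}
```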

36 Catalog Version And Firewall Settings
- Offline Catalog Version
  - Offline catalog includes a date/time string for when it was created
  - Generated automatically when an update category changes in the MU site
  - WSUS server and MU site catalog do not have a version
  - To ensure a catalog version string appears in all reports, use the /catalog option
- DCOM ports on personal firewalls
  - May need to obtain hotfix for (COM+ hotfix rollup 9)
    - Allows use of custom static port
    - Affects all Windows XP versions

37 SQL Server Instances
- SQL Multi-instance Behavior
  - WUA scanning will check all SQL / MSDE instances
  - After first vulnerable instance found, remaining instances are skipped
  - Report shows product affected
- SQL Multi-instance Solution
  - Use details link in MBSA report to obtain the needed update
  - Run the update package in ‘report mode’
    - This mode will show each SQL instance version to compare with the version of the needed update

38 Reason Messages
- ‘Why this update is considered missing’ Messages
  - MBSA 1.x provided file names, versions, registry data, etc. to assist in troubleshooting
- MBSA 2.0 uses WUA
  - WUA uses different troubleshooting
  - Microsoft Knowledgebase articles , , and and Microsoft Update troubleshooting steps and client logs
- MBSA 2.0 provides ‘restart required’ message at the update level in the scan report
  - Covers any update installed using WUA
  - Automatic Updates, SMS, Microsoft Update, Windows Update, etc.

39 Review
- Detection consistency, centered on Update Services
- Features in MBSA 2.0 and what to expect
- Important considerations in using this major version

40 Beta Support Resources
- Self-nominate using guidance from
- Posting Questions
  - Beta.Microsoft.mbsa20.General newsgroup
- Announcements
  - Beta.Microsoft.mbsa20.Announcements newsgroup
- News Server: betanews.microsoft.com.
- All MBSA 2.0 beta users must utilize the services of BetaPlace for technical support
- To access Beta.Microsoft.com, go to
  - Sign in using your Passport account
- Do not post questions about MBSA 2.0 beta to the public newsgroups

41 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

