Published by Estevan Cote. Modified over 10 years ago.

Microsoft Baseline Security Analyzer 2.0 Beta Overview
Microsoft Management Summit 2005
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Agenda
- Part 1: Roadmap
- Part 2: Feature Review
- Part 3: User Experience
- Part 4: System Requirements
- Part 5: Migration Considerations
This content is subject to change. It is provided "AS IS" with no warranties, and confers no rights.

Security Update Management Today
Disparate sources, limited update detection
- Windows Update/Office Update
  - Consumer focused web based solutions
- Software Update Services (SUS) 1.0
  - Intermediary between Windows Update and Automatic Updates (delegated control of updates)
- Microsoft Baseline Security Analyzer (MBSA) 1.2.1
  - Detects security updates for 16 products
  - Detects configuration vulnerabilities for 7 products
- Systems Management Server 2.0 / 2003 SUS Feature Pack (using MBSA 1.2 and ODT)
- Enterprise Update Scan Tool (EST)
  - Detects security updates that MBSA does not
  - Compatible with SMS

Security Update Management Tomorrow
Consistent results, extending update detection
- Microsoft Update (MU)
  - “Hosted” version of Update Services
  - Consumer focused web based solution
- Windows Server Update Services (WSUS)
  - Infrastructure for all other updating products and tools
  - Update management solution with targeting for Microsoft platform
- Microsoft Baseline Security Analyzer (MBSA) 2.0
  - Security focused scanning without the need for a server
- Systems Management Server 2003 Inventory Tool for Microsoft Update
Note: The Enterprise Scan Tool may continue to be used while MBSA 2.0 is released, depending on how much content is released into the Microsoft Update Catalog. If an update cannot be detected by WSUS, it will not be detected by MBSA 2.0 and will require the Enterprise Scan Tool.

Microsoft Update Catalog
[Diagram with two panels]
- Update Detection / Deployment This Summer: Automatic Updates, SMS, MBSA 2.0, Update Services, Windows Update Agent, MOM, Microsoft Update Catalog, Offline Catalog (wsusscan.cab)
- Update Detection / Deployment Today: Windows Update, Office Update, MSSecure.XML, Download Center, Automatic Updates, ODT, HFNetChk, EST, SMS, MBSA 1.2.1, SUS, MOM

Vulnerability Assessment Timeline
- MBSA / ODT
  - Security update checks
    - Limited to 16 named products
  - Administrative vulnerability checks
    - Limited to 7 named products
  - Checks not extensible
- MBSA 2.0 (Q2CY05)
  - Uses WSUS infrastructure
  - Eventually detect all Microsoft updates
  - Not limited to named products
  - Consistent with other tools using WSUS
- Timeline markers: Oct ’04…, Aug ’04
- Next…
  - Uses WSUS infrastructure
  - VA for the Microsoft platform
  - Authoritative
  - Extensible
- Enterprise Scan Tool
  - Detects security updates that MBSA / ODT do not
  - Compatible with SMS

MBSA 2.0 Goals
- Converge scanning on WSUS infrastructure by replacing current scan engine with Microsoft Update (MU)
  - WSUS server and Internet connection optional
- Cover all security-related updates published to MU
- Consistency in reporting results with all tools that also leverage MU (WSUS, SMS, MOM, MBSA)
- Provide better detail and more actionable results in the report
- Partnering and redistribution

Redistribution
- MBSA 2.0 License Agreement to allow redistribution
- Improved ISV / 3rd party integration opportunities
- Microsoft may still change interfaces, schema, etc. at any time

Part 2: Feature Review
- Key Terms
- Scanning / Reporting
- Update Detection
- Additional Checks
- How it works

Key Terms
- Offline catalog – A copy of the detection catalog from the MU backend for use without a network
- AU – Automatic Updates; allows the desktop user to interact with the updating process
- WUA – Windows Update Agent; provides a published API and infrastructure to AU, MBSA, SMS and other API callers
- COM+ / DCOM – Interface used by the WUA API which provides ‘read only’ scanning from a remote computer and full functionality locally
- Personal firewall – A firewall can protect a computer from remote access of ports and interfaces

MBSA 2.0 Scanning
- Flexible scanning sources
  - Microsoft Update site
  - Offline catalog
  - Assigned WSUS server
- Use multiple copies of MBSA 2.0
  - MBSA 1.2.x limited to a single instance
  - Can use MBSA 2.0 side-by-side with MBSA during migration
- Input file of computers / IP addresses to be scanned
- Pass a username and password on the command line for an MBSA-style scan

MBSA 2.0 Reporting
- Provide a "not yet approved" score for WSUS server administrators
- Current Update Compliance (history) appears in the report
- ‘Restart Required’ now shown in report
- Now offers XML output for all update scanning
  - MBSA 1.2.x had XML only for MBSA-style scans, not /HF scans
- Elimination of the blue asterisk ‘Note’ message for security updates
- Locate update packages, KB and bulletin directly
- Maximum bulletin severity and 3rd party related IDs

MBSA 2.0 Update Detection
- Security updates (today)
  - Windows 2000 SP3 and later
  - IIS 5.0 and later
  - SQL Server 2000 / MSDE and later
  - IE 5.01 SP3 and later
  - Exchange 2000, 2003 and later
  - Windows Media Player 6.4 and later
  - Office XP, 2003 and later
  - MSXML 2.5, 2.6, 3.0, 4.0
  - MDAC 2.5, 2.6, 2.7, 2.8
  - Microsoft Virtual Machine (JVM)
- Added security updates
  - DirectX
  - .NET Framework
  - Windows Messenger
  - FrontPage Server Extensions
  - Windows Media Player 10
  - Windows Script 5.1, 5.5, 5.6
  - Windows Server 2003, 64-Bit Edition
  - Windows XP 64-Bit Edition
  - Windows XP Embedded Edition
- Not immediately available
  - SQL and Exchange service packs
  - Office 2000 updates
  - Commerce Server
  - Content Mgt Server
  - BizTalk
  - Host Integration Server
- New platforms
  - Remote only, updates only: XP Embedded, IA64
  - Updates only: X64

Update Detection International Considerations
- MU and offline catalog contain all languages
- Regardless of client language, any report created by a given console will be in the language of that console
  - Viewing a report in a different language console may cause the report to have text in both languages
- If localized update not synchronized to the WUS server, a WSUS-only scan will result in default strings regardless of client or console locale
  - Should be rare

MBSA 2.0 Additional Checks
- Incomplete Updates
  - Updates packaged using update.exe v6.1 (and later) provide a registry key to indicate pending reboot
  - MBSA will check this key and offer a non-critical warning
  - Help topic for the check has details
- Operating System Version
  - Changed to report a critical warning (Red X) when scanning Windows NT due to the end of support for that Windows version

MBSA 2.0 How It Works
- Default Behavior
- MBSA 2.0 Process Animation
- Agent Deployment
- Scanning
- Superseded Updates

MBSA 2.0 Default Scan Options
- MBSA Scan (GUI and CLI) Use Same Options
  - Run all checks, local computer
  - Attempt to install WUA if needed
  - Attempt to use WSUS server (if assigned)
  - Attempt to configure / use MU
  - Use offline CAB if MU site not available
  - Saved report will warn if MSI not present
  - Informational grade for unapproved WSUS updates (if WSUS server assigned to client)
  - Show a detailed report immediately after a single computer scan

Agent Deployment
[Diagram: Microsoft Update, MBSA Console, Target Computer]
- Files shown: WSUSSCAN.CAB, WindowsUpdateAgent20-X64.exe, WindowsUpdateAgent20-X86.exe
- Step labels:
  - Run MBSA on Admin system, specify targets
  - Verify latest CAB and compare agent version in CAB to WUA version
  - If low version go to #4, else scan normally (verify MU config)
  - Download agent components
  - Push agent, (register MU), then retry API

MBSA 2.0 Scanning
[Diagram: Microsoft Update (MU site), WSUS, MBSA Console, Target Computer]
- File shown: WSUSSCAN.CAB
- Step labels:
  - Run MBSA on Admin system, specify targets
  - Verify latest CAB ready
  - Try the WSUS server by default (if assigned)
  - Try the MU site (by default)
  - If MU not available push CAB to client
  - Use API with CAB file
  - If WSUS results & MU results, merge them
  - Use Info score for WSUS unapproved items

Superseded Updates
[Diagram panels]
- Typical replacement relationship
- If a later update is not WSUS approved
- If only previous update is installed
- If previous and replacement updates installed
The typical lifespan of a security update is shown in the Typical replacement relationship diagram. In the example, MS was the original update, but was later replaced by the update for MS. Both these updates were included in Update Rollup #1, and so on. Because it’s possible for the older or the newer, or both or neither of these example items to be approved on the WSUS server, or installed on the computer, MBSA is able to examine the relationships and offer the best advice. For example, when SP3 isn’t approved yet but SP2 is, MBSA advises the install of SP2 rather than SP3.
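The replacement logic described on this slide, together with the "Info score for WSUS unapproved items" step on the scanning slide, as an added Python sketch; it is not MBSA or WUA code. The update names, the `replaces` map and the three result buckets are constructed for illustration, and grading the newest unapproved update as informational is an assumption of this model.

```python
# Added illustration: a simplified model of supersedence-aware advice.
# Not MBSA/WUA code; update names and result buckets are constructed.

def transitive_replaces(replaces, extra=()):
    """Map every update to all updates it replaces, directly or indirectly."""
    full = {}

    def walk(update):
        if update not in full:
            full[update] = set()  # set first so a cycle cannot recurse forever
            for older in replaces.get(update, ()):
                full[update] |= {older} | walk(older)
        return full[update]

    for update in list(replaces) + list(extra):
        walk(update)
    return full


def newest_only(group, full):
    """Drop members of `group` that another member of `group` replaces."""
    return sorted(u for u in group if not any(u in full[n] for n in group))


def advise(replaces, installed, approved=None):
    """Return what to report for one scanned computer.

    replaces : {update: set of updates it directly replaces}
    installed: updates present on the scanned computer
    approved : updates approved on the assigned WSUS server, or None when
               no WSUS server is assigned (every update counts as approved)
    """
    installed = set(installed)
    full = transitive_replaces(replaces, installed)

    # An installed update also satisfies everything it replaces.
    covered = set(installed)
    for u in installed:
        covered |= full[u]

    missing = set(full) - covered
    installable = missing if approved is None else missing & set(approved)
    # Unapproved updates matter only if no installable update replaces them.
    pending = {u for u in missing - installable
               if not any(u in full[n] for n in installable)}

    return {
        "current": newest_only(installed, full),          # compliance view
        "install": newest_only(installable, full),        # best advice now
        "not_yet_approved": newest_only(pending, full),   # informational
    }


# Constructed chain modelled on the slide: B replaces A, a rollup contains
# both, and a later rollup replaces the first one.
CHAIN = {
    "UPDATE-B": {"UPDATE-A"},
    "ROLLUP-1": {"UPDATE-A", "UPDATE-B"},
    "ROLLUP-2": {"ROLLUP-1"},
}

if __name__ == "__main__":
    # Only the previous update installed; later rollups not WSUS approved.
    print(advise(CHAIN, {"UPDATE-A"}, approved={"UPDATE-A", "UPDATE-B"}))
    # Previous and replacement both installed, no WSUS server assigned.
    print(advise(CHAIN, {"UPDATE-A", "UPDATE-B"}))
```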

Part 3: User Experience
- Command Line Interface (CLI)
  - New options
  - Changed options
- Graphical User Interface (GUI)
  - Scanning Options
  - Error Message Handling
  - Report Details

New Options In MBSA 2.0
- /qt – Do not display the report output automatically after a single computer scan
- /nd – Do not download files from the Web site when scanning
- /nai – Do not attempt to install a newer version of WUA if one is required for scanning
- /nm – Do not configure clients to use the Microsoft Update site when scanning
- /wi – Ignore the WSUS configuration of the client computer

Options Changed In MBSA 2.0
- /wa replaces the /sus option
- /catalog replaces the /x option
- /xmlout replaces the /hf option
- /target replaces the /i, /c and /h options
- /listfile replaces the /fh and /fip options
- /ld replaces the /v option

MBSA 2.0 Scanning Options Page
Use the GUI options to control WUA updating and Microsoft Update service registration. Scanning with and without the Update Services approved update list can be controlled.

Error Message Handling
- Many error messages made easily actionable
  - ‘How to correct this’ link in report
  - Opens new guidance in main help file
- Main help and FAQ work in conjunction with error messages
  - Web site FAQ topic enhanced over time

Report Details (non-compliance)
Notice the CVE data, severity, and download icon. Restart required, the new informational score, as well as KB links are now provided.

Report Details (compliance)
Reports now list the most current updates that are installed and not yet replaced by newer updates.

Part 4: System Requirements
- Windows Update Agent
- System Requirements

Windows Update Agent
- What is it?
  - Replacement update scanning engine for MBSA 2.0 and Automatic Updates, SMS, etc.
  - Detection logic is now data-driven / extensible (and for Microsoft products only)
  - Uses an offline catalog as well as an online site for scanning
  - Future enhancements to the WUA engine allow MBSA 2.0 to “self-update” when needed
- AU / WUA self-update
  - Needs Internet connection or WSUS server
  - Needs AU switched on in control panel and AU service running

MBSA 2.0 System Requirements
- Required services
  - Computer being scanned locally
    - Workstation and Server service
    - Windows Installer 3.1 (for security update scans)
    - Windows Update Agent
  - Computer that performs remote scans
    - Workstation service
    - Client for Microsoft Networks
  - Computer being remotely scanned
    - Server service
    - Remote registry service
    - File and Print Sharing

Requirements
- Internet Explorer 5.01 SP3 or above
- Windows 2000 SP3 and later
- XML parser (MSXML version 3.0 w/ latest SP)
- IIS Common Files (required on local machine when scanning remote IIS computers)
- Firewall ports
  - Port 80 (HTTP)
    - Outbound from scanning computer
    - Needed to download WSUSSCAN.CAB file
  - TCP 139, 445
    - Inbound to scanned computers
    - Needed to scan remote computers
  - DCOM (port 135) + new optionally configured port
- User must be running as local Administrator for scanning

Part 5: Migration Considerations
- Command Line Parity
- Concurrent scanning
- Scanning without full install
- Catalog version
- DCOM ports on Windows Firewall
- SQL multi-instance
- Reason messages

MBSA Version CLI Option Parity
MBSA 1.2.x: /hf /h or /hf /i /c or /i /hf /x /hf /sus /hf /fip /hf /fh /v
MBSA 2.0: /target /catalog /xmlout or /n * /wa /listfile /ld
* = OS+IIS+SQL+Password

Concurrent Scanning
- Can run multiple instances of MBSA 2.0 at the same time
- Do not scan the same target computer from more than one scanning computer
  - Same limitation exists in MBSA 1.2.1
  - Password checks may collide
- MBSA 2.0 will ensure password checks happen safely if same target attempted by multiple instances on same scanning computer

Scanning Without Full Install
- MBSA 1.2.x /HF mode scanning was popular
  - Single file (mbsacli.exe)
- Use /xmlout switch for MBSA 2.0
  - Only needs WUA, mbsacli.exe and wusscan.dll (no COM registration)
  - Sends XML stream to console (stdout)
  - Local computer only
  - Other switches are limited in this mode

Catalog Version And Firewall Settings
- Offline Catalog Version
  - Offline catalog includes a date/time string for when it was created
  - Generated automatically when an update category changes in the MU site
  - WSUS server and MU site catalog do not have a version
  - To ensure a catalog version string appears in all reports, use the /catalog option
- DCOM ports on personal firewalls
  - May need to obtain hotfix for (COM+ hotfix rollup 9)
  - Allows use of custom static port
  - Affects all Windows XP versions

SQL Server Instances
- SQL Multi-instance Behavior
  - WUA scanning will check all SQL / MSDE instances
  - After first vulnerable instance found, remaining instances are skipped
  - Report shows product affected
- SQL Multi-instance Solution
  - Use details link in MBSA report to obtain the needed update
  - Run the update package in ‘report mode’
    - This mode will show each SQL instance version to compare with the version of the needed update

Reason Messages
- ‘Why this update is considered missing’ Messages
  - MBSA 1.x provided file names, versions, registry data, etc. to assist in troubleshooting
  - MBSA 2.0 uses WUA
  - WUA uses different troubleshooting
    - Microsoft Knowledgebase articles , , and and Microsoft Update troubleshooting steps and client logs
- MBSA 2.0 provides ‘restart required’ message at the update level in the scan report
  - Covers any update installed using WUA
    - Automatic Updates, SMS, Microsoft Update, Windows Update, etc.

Review
- Detection consistency, centered on Update Services
- Features in MBSA 2.0 and what to expect
- Important considerations in using this major version

Beta Support Resources
- Self-nominate using guidance from
- Posting Questions
  - Beta.Microsoft.mbsa20.General newsgroup
- Announcements
  - Beta.Microsoft.mbsa20.Announcements newsgroup
- News Server: betanews.microsoft.com.
- All MBSA 2.0 beta users must utilize the services of BetaPlace for technical support
  - To access Beta.Microsoft.com, go to
  - Sign in using your Passport account
- Do not post questions about MBSA 2.0 beta to the public newsgroups