Microsoft Baseline Security Analyzer (MBSA) checks for operating system and SQL Server updates. MBSA also scans a computer for insecure configuration. When checking for Windows service packs and patches, it includes Windows components such as Internet Information Service (IIS) and COM+. MBSA uses an XML file as the manifest of existing updates. This XML file, contained in the archive Mssecure.cab, is either downloaded by MBSA when a scan is run, or the file can be downloaded on the local computer, or made available from a network server.
In this chapter, you will learn how to use MBSA to perform two processes:
A security updates scan
A check for default settings that are not secure
This How To reviews each mode separately, although both modes can be performed in the same pass.