Trying Microsoft Update and MBSA 2.0

Today while updating my Windows 2000 laptop I had the opportunity to try two new Microsoft programs. The first is the new Microsoft Update, more of a one-stop-shop for Windows patches. The second is version 2.0 of Microsoft Baseline Security Analyzer. Computerworld has some coverage, but here was my experience.

When I started Windows Update, I saw the following screen.



I decided to follow the "Upgrade" recommendation. After running Microsoft Update, I got these results.



You can see that Microsoft Office updates and updates for other Microsoft programs are available. I think the new interface works well.

Once I downloaded and installed all of the updates, I turned to the new MBSA 2.0. It doesn't look that much different, so the improvements are under the hood.



I got my results following the scan of the single laptop.



I don't necessarily agree with the "severe risk" assessment. I think MBSA complained because it found a FAT partition I use to share data between Windows 2000 and FreeBSD on the same laptop. MBSA prefers using NTFS.

In any case, MBSA did not report any security vulnerabilities. It was good to apparently see Microsoft Update retrieving the right updates and MBSA confirming it.

Comments

Anonymous said…
The GUI is nice, but MBSA does have a cli. Here are Microsoft's URLs if you want to script an update.

MSSecure_1033.CAB

http://go.microsoft.com/fwlink/?LinkId=18922

Office Update Inventory Tool Version 2.1

invcif.exe

http://go.microsoft.com/fwlink/?linkid=18842

invcm.exe

http://go.microsoft.com/fwlink/?linkid=18452

Compare your results from MS's MSSecure_1033.CAB with the MSSecure.CAB file found on Shavlik.com.

http://hfnetchk.shavlik.com/support/hfpro4help/Shavlik_data_files.htm
Anonymous said…
I also used the new update tool this past weekend. I was happy with the update features, specifically the driver updates, which applied to a couple of devices on my machine. This saves headache and time from going to different manufacturer's websites.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics