CPL Systems 2020
MBSA Monitor

Microsoft Baseline Security Analyzer

Problem – you have many servers and PC’s all with hundreds of potential security loopholes. How do you keep on top of this ? 

Solution – Us the new MBSA security analyzer Monitored Object in PageR 5.2.5.


Microsoft Baseline Security Analyzer (MBSA)
is a FREE tool from Microsoft.

MBSA consumes a very small amount of system recources.

 

MBSA is an easy-to-use tool that helps you determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance - unfortunately it means yet another job for the IT department to do regularly on every single sever ! 


PageR can now do this for you AUTOMATICALLY using the new MBSA Monitored Object to :-

 1)     detect common security misconfigurations
 
2)     detect missing security updates on all your computer systems 

WHAT DOES THE NEW MBSA MO CHECK ?

Security update checks

Scan servers for security updates uses Microsoft Update and Windows Server Update Services technologies.

Check for security updates, update rollups, and service packs .

Windows system checks

Check for account password expiration
Check for file system type on hard drives
Check if Auto Logon feature is enabled
Check if Guest account is enabled
Check the RestrictAnonymous registry key settings
Check the number of local Administrator accounts
Check for blank or simple local user account passwords
Check if unnecessary services are running
List the shares present on the computer
Check if Windows auditing is enabled
Check the Windows version running on the scanned computer
Check if Internet Connection Firewall is enabled
Check if Automatic Updates is enabled
Check if incomplete updates require the computer to be restarted

IIS checks

Check if the IIS Lockdown tool was run on the computer
Check if IIS sample applications are installed
Check if IIS parent paths are enabled
Check if the IIS Admin virtual folder is installed
Check if the MSADC and Scripts virtual directories are installed
Check if IIS logging is enabled
Check if IIS is running on a domain controller

SQL Server checks

Check if Administrators group belongs in Sysadmin role
Check if CmdExec role is restricted to Sysadmin only
Check if SQL Server is running on a domain controller
Check if sa account password is exposed
Check SQL Server installation folders access permissions
Check if Guest account has database access
Check if Everyone group has access to SQL Server registry keys
Check if SQL Server accounts have blank or simple passwords
Check the SQL Server authentication mode type
Check the number of Sysadmin role members
Check SQL Server password and expiration policies
Check SQL Server Integration Services

Desktop application checks

List the Internet Explorer security zone settings for each local user
Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
List the Office products security zone settings for each local user

Incomplete or Partially Installed Updates

For updates installed by using Windows Update, Microsoft Update, or Automatic Updates that required a restart of the computer that was postponed by the user, MBSA will indicate that the update is not installed because the required reboot has not occurred.


SAMPLE REPORTSecurity Update Scan Results 
Office Security Updates
14 security updates are missing. 2 service packs or update rollups are missing.
What was scanned      Result details      How to correct this  
Windows Security Updates
1 security updates are missing. 2 service packs or update rollups are missing.
What was scanned      Result details      How to correct this  
SDK Components Security Updates
No security updates are missing.
What was scanned      Result details  
SQL Server Security Updates
No security updates are missing.
What was scanned      Result details  
 Windows Scan Results Administrative Vulnerabilities 
Incomplete Updates
A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted.
   
Windows Firewall
Windows Firewall is disabled and has exceptions configured.
What was scanned      Result details      How to correct this  
Local Account Password Test
No user accounts have simple passwords.
What was scanned      Result details  
Automatic Updates
Updates are automatically downloaded and installed on this computer.
What was scanned        
File System
All hard drives (1) are using the NTFS file system.
What was scanned      Result details  
Guest Account
The Guest account is not disabled on this computer.
What was scanned        
Restrict Anonymous
Computer is properly restricting anonymous access.
What was scanned        
Administrators
No more than 2 Administrators were found on this computer.
What was scanned      Result details  
Autologon
Check is skipped on Windows XP Home Edition computers.
What was scanned        
Password Expiration
Check is skipped on Windows XP Home Edition computers.
What was scanned        
 Desktop Application Scan Results Administrative Vulnerabilities 
IE Zones
Internet Explorer zones do not have secure settings for some users.
What was scanned      Result details      How to correct this  
Macro Security
4 Microsoft Office product(s) are installed. No issues were found.
What was scanned      Result details