Check Your Windows System For Vulnerabilities With Microsoft’s Free Baseline Security Analyzer

imageIf you’re a regular reader here, this post will serve as a reminder that scanning for system vulnerabilities from time to time, is a prudent practice.

To help you assess the overall state of security on your computer (and close any open windows in Windows), Microsoft provides a free scanning tool – Microsoft Baseline Security Analyzer (MBSA), which will scan your system, and provide you with a report on your machine’s security – based on Microsoft’s security recommendations.

It’s important to remember that changes in system configuration may require additional use of MBSA in order to check the new configuration for compliance. This is particularly true when installing applications, or adding new optional components, which may install programs that have not been updated with the latest fixes.

For reference purposes, I’ve gathered the following statistics from the Iolo  Threat Center as of October 14, 2011. This data is in line with the data obtained from more comprehensive studies we’ve seen over the last several years.


October 14, 2011.

PCs without active virus protection: 56.16%
PCs without active firewall protection: 36.11%
Average number of security flaws: 29.44

If we contrast this data with Iolo’s Global System Status Details as of March 26, 2011, it appears as if we’re on a slippery slope.

March 26, 2011.

PCs without active virus protection: 53.42%
PCs without active firewall protection: 20.88%
Average number of security flaws: 13.56


MBSA includes both a graphical and a command line interface, that can perform local or remote scans of Microsoft Windows systems. For this post I’ll focus on the graphical interface.

MBSA is capable of scanning not only a stand-alone system, but multiple systems as well.


The GUI is straightforward, and as you can see in the following screen capture – checkbox simple.


Scanning Options:

For each scan, the following options can be enabled, or disabled, as needed, in the MBSA user interface:

Check for Windows administrative vulnerabilities – scans for security issues such as Guest account status, file-system type, available file shares, and members of the Administrators group.

Check for weak passwords –  checks computers for blank and weak passwords during a scan.

Check for Internet Information Services (IIS) administrative vulnerabilities.

Check for SQL administrative vulnerabilities – checks for the type of authentication mode, account password status, and service account memberships.

Check for security updates (missing updates) – scans for missing security updates for the products published to the Microsoft Update site only.


The two areas, in the report, you will find most useful as a home user, are:

Security misconfiguration (less secure settings and configurations).

Missing security updates and service packs (if any).

The report will provide you with specific steps to take, should the application find issues.

The following screen capture from my test machine, illustrates the partial results of a typical scan – click to expand to original size.


In this test scan, MBSA has discovered – “2 service packs or update rollups are missing”. Clicking on – “Result details” brought up the following dialogue box and, as you can see, both IE 9 and Win 7 Service Pack 1, are not installed.


Microsoft didn’t leave me hanging though. Instead, simply clicking “How to correct this”,  brought up the following Microsoft help page which lays out an easy solution.


The following screen capture illustrates a portion of the report covering Administrative Vulnerabilities. In this area, you may find reminders that Microsoft may not necessarily agree with your personal preferences. Certainly, a number of mind rated a caution.

Should you find similar cautions following your scan, there’s no need to worry. Clicking on “How to correct this” for additional information, will help you determine if your personal preferences are safe. You may feel comfortable with your choices, despite Microsoft’s advice to the contrary.

Remember, you’re the boss.   Smile


In order to run a scan with MBSA, you may need the IP address of your computer – an easy way to obtain this is here.

System Requirements: Windows 2000; Windows 7; Windows Server 2003; Windows Server 2008; Windows Server 2008 R2; Windows Vista; Windows XP; Windows XP Embedded. (32 bit and 64 bit).

Available languages: English, German, French, Japanese.

Download at: Microsoft

Note: Microsoft recommends viewing the readme.html file, before running MBSA the first time. If you are a regular reader here, I don’t think this is necessary, but….


Filed under 64 Bit Software, Computer Audit Applications, downloads, Freeware, Microsoft, Security Rating Applications, Windows Tips and Tools

7 responses to “Check Your Windows System For Vulnerabilities With Microsoft’s Free Baseline Security Analyzer

  1. Personally, I would use non-microsoft program for security scan. Maybe this is personal belief, but I prefer software that would provide second opinion, not only of Microsoft engineers (which is integrated in Windows anyway, at least partially). Yeah, they know Windows the best, but still…

  2. Mal

    Hey Bill,
    I cannot for the life of me understand how people can run without protection (in reference to the Iolo report). There is no way they can claim ignorance, not in this day and age.
    It just does not compute.

    • Hey Mal,

      LOL! Well said – “It just does not compute.”

      True story:

      A friend dropped in the other day so that he could log on to his Facebook page. Natural question – “So, what’s up with your own machine?”

      Answer – “I don’t know, but every time I get on the Internet it starts to act up. Guess it’s time for a new one”

      Seriously, time for a new computer because the old one is infested with malware of every description.

      My response – oh well. You’ll notice there was no offer of help from this end. Like you have – been there – done that – but, no more.

      So yeah, you’re spot on (as always 🙂 ) – “There is no way they can claim ignorance, not in this day and age.”



  3. pmshah

    This most probably is M$’s one more attempt at looking for cracked OS / software !

    • Hey Pmshah,

      Really! I’d be most interested in hearing just how you came to that conclusion. Perhaps you’re aware of circumstances we should all be aware of.


  4. Pingback: Un audit de parc informatique gratuit | Korben