Mark - sorry for the delayed reply.
Since MBSA filters out updates that aren't of the three classes it supports
(service packs, rollups and security updates), MBSA wouldn't be helpful to
scan for all missing updates. For online scanning, Microsoft Update is the
best offering. WSUS Servers and SMS/SCCM will do the job well - but these
are likely dependencies you can't count on as an IT administrator unless
these are already part of your security and/or patch management strategy.
There are a number of 3rd party tools you could use. The Patch Management
Mailing List would be an excellent forum to get the best recommendations for
your specific needs. Consider subscribing to the mailing list at
http://www.patchmanagement.org/ for recommendations. I hope that helps...
--
Doug Neal [MSFT]
***@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
Post by Mark
Thank you Doug. I do see that information now in the FAQ, though not on the
MBSA home page.
Does Microsoft offer a product that will let me do a full analysis of _all_
installed and missing updates on a group of computers? I am thinking of the
scenario when I, as an outsourced IT provider, go to a new client and want to
run a comprehensive scan on all of their computers.
If MS does not offer this, are you aware of third-party tools that do?
Thank you,
Mark
Post by Doug Neal [MSFT]
Mark - thank you for posting this to the MBSA newsgroup!
MBSA only reports missing Security Updates, Update Rollups (UR) or Service
Packs (SP) - nothing else. There are many high priority updates,
non-security updates, tools, drivers and other updates that are offered by
Windows Update that - because they aren't one of the 3 critical security
classifications reported by MBSA - will not show up in an MBSA scan report.
967715 is a non-security update. And although released as a high priority
update, isn't an SP, UR or security update that MBSA scans and reports
against. This is covered on the MBSA home page (www.microsoft.com/mbsa) and
the MBSA FAQ.
I hope that helps...
--
Doug Neal [MSFT]
Post by Mark
I'm reviewing the patch status of a Windows 2003 R2 server.
Windows Update lists KB967715 as a High Priority update and schedules it for
immediate installation.
MBSA 2.1 does not list KB967715 at all.
Why do these two tools report different results?
Thank you,
Mark
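
The difference discussed in this thread can be seen on a single machine by asking the Windows Update Agent for every missing update and marking which ones fall in the three classes MBSA reports. This is an added example, not part of the original posts and not Microsoft's code; it assumes PowerShell 3.0 or later, and that the agent's classification names match the three class names used in the thread.

```powershell
# Added example: list every update the Windows Update Agent (WUA) reports as
# missing, and flag which ones fall in the three classes MBSA reports.
# Assumption: run locally; the agent searches whatever update source the
# machine is already configured to use (Windows Update, WSUS, ...).

# The three classifications the thread says MBSA reports (names as WUA uses them).
$mbsaClasses = 'Security Updates', 'Update Rollups', 'Service Packs'

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0')   # everything applicable but not installed

$report = foreach ($update in $result.Updates) {
    # Each update carries several category entries; keep only the classification ones.
    $classes = @($update.Categories |
        Where-Object { $_.Type -eq 'UpdateClassification' } |
        ForEach-Object { $_.Name })

    # True when at least one classification is one MBSA would report.
    $inMbsaScope = @($classes | Where-Object { $mbsaClasses -contains $_ }).Count -gt 0

    [pscustomobject]@{
        KB             = (@($update.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
        Classification = $classes -join ','
        InMbsaScope    = $inMbsaScope
        Title          = $update.Title
    }
}

# Updates with InMbsaScope = False are the ones Windows Update offers
# but an MBSA report would not list.
$report | Sort-Object InMbsaScope, Classification | Format-Table -AutoSize -Wrap
```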