Microsoft KB Archive/840673

= The MBSA reports more missing security updates when you use the SUS option on a Windows 2000, Windows Server 2003, or Windows XP-based computer =

Article ID: 840673

Article Last Modified on 11/5/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-





INTRODUCTION
This article discusses why you may see different results when you run the Microsoft Baseline Security Analyzer (MBSA) in default mode and when you run the MBSA with the Microsoft Software Update Services (SUS) option. The MBSA may report additional missing security updates when you use the SUS option. This article also provides a brief description of the MBSA in default mode and of the MBSA with the SUS option.



Microsoft Baseline Security Analyzer version 1.2 in default mode
When you run the MBSA in default mode, the MBSA downloads a Mssecure.cab file that matches the language of the computer that is being scanned and extracts a localized XML file for use in the scan. For example, if you remotely scan a Japanese Windows-based computer, MBSA will download the Japanese Mssecure.cab file that contains a localized Mssecure.xml file for use in the scan.

In default mode, the MBSA reports all the security updates that are not installed, but collapses all the updates that are outdated or superseded by more recent or cumulative updates.

Microsoft Baseline Security Analyzer version 1.2 with the SUS option
MBSA version 1.2 supports the option to scan for security updates by using a local SUS server. You can select the SUS option in the MBSA user interface or in the MBSA command line interface. MBSA performs a scan with the SUS option by using the list of approved updates on the local SUS server instead of by using the list of available updates that are listed in the Mssecure.xml file that is downloaded at run time.

When you run the MBSA with the SUS option, the tool scans for and reports on all SUS server approved updates. This includes updates that have been superseded by newer or cumulative updates. Because the MBSA scans a computer to determine whether all the updates that are approved by the SUS server are explicitly installed, the resulting report may show more updates needed when you use a SUS server-based scan that when you use the default (non-SUS Server) scan. Be aware that because some of the reported updates may have been superseded, you may not have to explicitly install all the updates that appear in the report when you run the MBSA with the SUS option. If a security update is superseded by a later release or is part of a cumulative security update, you do not have to install the security update.

For more information about MBSA, visit the following Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

For more information about SUS and WSUS, visit the following Web site:

http://technet.microsoft.com/en-us/wsus/default.aspx

Keywords: kbtshoot kbinfo KB840673

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.