For the past couple of years, Microsoft has offered a free security scanning tool that can not only scan the local machine on which the tool is running, but can also scan other machines across a network (given the right levels of access, of course). This tool is called the Microsoft Baseline Security Analyzer, or MBSA, and it's available from the MS Web site in a new version, 1.2.1, that's been updated to accommodate Windows XP SP2.
From an XML point of view, what makes MBSA interesting is its use of a continuously updated XML reference file on the Microsoft site named mssecure.xml that drives MBSA's behavior. In a nutshell, the XML file profiles all the latest software versions, service packs, and security updates available for various Microsoft operating systems, BackOffice components, services, and so forth. The tool operates by scanning a target system and comparing what it finds there to what's in that up-to-date file. When discrepancies or omissions are discovered, these differences drive the reporting and recommendations that the tool makes to help bring systems up to date, and to make sure known vulnerabilities are patched or fixed, or workarounds put in place.
When MBSA downloads mssecure.xml from the MS Web site it does so in the form of a compressed cabinet (.cab) file. Consequently, the tool must first unpack that file so it can compare its contents to the results from a real-time scan. As the program runs, therefore, it generates another XML file that's used to provide a basis for comparison that allows the software to quickly and easily zero in on areas where remediation might be required or warranted.
The Knowledge Base article (842432) explains how to download and extract the contents of the .cab file to see the XML catalog in its startlingly lengthy and complex glory. MS has done a good job of making what's inherently machine-readable human readable as well—you can learn a lot about how and what they track on Windows desktops and servers by skimming over this file. You can also get a sense of how the underlying XML document structure was designed and implemented to support this interesting and useful application.
Additional MBSA Resources
MBSA White paper (covers 1.2 but remains largely applicable to 1.2.1)
MBSA 1.2.1 Update details
MBSA Scripting tutorial
MBSA FAQ
KB Article 842432 "How to troubleshoot file catalog downloads for MBSA 1.2"
Ed Tittel is a writer, trainer, and consultant based in Austin, TX, who writes and teaches on XML and related vocabularies and applications. E-mail Ed at etittel@lanw.com.
