Microsoft Baseline Security Analyzer and XML

What the Microsoft Baseline Security Analyzer has to do with XML and why it might interest you.

For the past couple of years, Microsoft has offered a free security scanning tool that can not only scan the local machine on which the tool is running, but can also scan other machines across a network (given the right levels of access, of course). This tool is called the Microsoft Baseline Security Analyzer, or MBSA, and it's available from the MS Web site in a new version, 1.2.1, that's been updated to accommodate Windows XP SP2.

From an XML point of view, what makes MBSA interesting is that its behavior is driven by mssecure.xml, a continuously updated XML reference file hosted on the Microsoft site. In a nutshell, the XML file profiles all the latest software versions, service packs, and security updates available for various Microsoft operating systems, BackOffice components, services, and so forth. The tool operates by scanning a target system and comparing what it finds there to what's in that up-to-date file. When discrepancies or omissions are discovered, these differences drive the reporting and recommendations that the tool makes to help bring systems up to date, and to make sure known vulnerabilities are patched or fixed, or workarounds put in place.

When MBSA downloads mssecure.xml from the MS Web site it does so in the form of a compressed cabinet (.cab) file. Consequently, the tool must first unpack that file so it can compare its contents to the results from a real-time scan. As the program runs, therefore, it generates another XML file that's used to provide a basis for comparison that allows the software to quickly and easily zero in on areas where remediation might be required or warranted.
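The catalog-versus-scan comparison described above, sketched as an added example that is not MBSA's code or part of the original article. The XML element and attribute names, the update IDs, and the scan data are constructed for illustration and do not reflect the real mssecure.xml schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample catalog. The element and attribute names are a simplified
# stand-in chosen for this example, NOT the real mssecure.xml schema.
CATALOG_XML = """<catalog>
  <product name="Windows XP" servicePack="2">
    <update id="EXAMPLE-001" severity="Critical"/>
    <update id="EXAMPLE-002" severity="Important"/>
  </product>
  <product name="Example Server" servicePack="1">
    <update id="EXAMPLE-003" severity="Critical"/>
  </product>
</catalog>"""

# Constructed scan result for one host: product -> (service pack, installed update ids).
SCAN = {
    "Windows XP": (1, {"EXAMPLE-001"}),
    "Example Legacy App": (0, set()),
}

def load_catalog(xml_text):
    """Parse the reference catalog into {product: (service_pack, {update_id: severity})}."""
    # A data catalog needs no DTD; refuse one rather than process entity declarations.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("catalog contains a DOCTYPE; refusing to parse")
    catalog = {}
    for product in ET.fromstring(xml_text).iter("product"):
        updates = {u.get("id"): u.get("severity") for u in product.iter("update")}
        catalog[product.get("name")] = (int(product.get("servicePack")), updates)
    return catalog

def compare(catalog, scan):
    """Return sorted (product, finding, detail) tuples for every discrepancy."""
    findings = []
    for name, (sp, installed) in scan.items():
        if name not in catalog:
            # Not profiled by the catalog: surface it rather than report it as clean.
            findings.append((name, "not-in-catalog", ""))
            continue
        want_sp, updates = catalog[name]
        if sp < want_sp:
            findings.append((name, "service-pack", f"SP{sp} < SP{want_sp}"))
        for uid in sorted(set(updates) - installed):
            findings.append((name, "missing-update", f"{uid} ({updates[uid]})"))
    return sorted(findings)

if __name__ == "__main__":
    for row in compare(load_catalog(CATALOG_XML), SCAN):
        print(*row, sep=" | ")
```

Products found on the host but absent from the catalog are reported explicitly, since a baseline tool can only vouch for software its reference file actually profiles.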

The Knowledge Base article (842432) explains how to download and extract the contents of the .cab file to see the XML catalog in its startlingly lengthy and complex glory. MS has done a good job of making what's inherently machine-readable human readable as well—you can learn a lot about how and what they track on Windows desktops and servers by skimming over this file. You can also get a sense of how the underlying XML document structure was designed and implemented to support this interesting and useful application.

Additional MBSA Resources

MBSA White paper (covers 1.2 but remains largely applicable to 1.2.1)
MBSA 1.2.1 Update details
MBSA Scripting tutorial
MBSA FAQ
KB Article 842432 "How to troubleshoot file catalog downloads for MBSA 1.2"


Ed Tittel is a writer, trainer, and consultant based in Austin, TX, who writes and teaches on XML and related vocabularies and applications. E-mail Ed at etittel@lanw.com.


This was first published in September 2004
