Tip

Microsoft Baseline Security Analyzer and XML

For the past couple of years, Microsoft has offered a free security scanning tool that can not only scan the local machine on which the tool is running, but can also scan other machines across a network (given the right levels of access, of course). This tool is called the Microsoft Baseline Security Analyzer, or MBSA, and it's available from the MS Web site in a new version, 1.2.1, that's been updated to accommodate Windows XP SP2.

From an XML point of view, what makes MBSA interesting is its use of a continuously updated XML reference file on the Microsoft site named mssecure.xml that drives MBSA's behavior. In a nutshell, the XML file profiles all the latest software versions, service packs, and security updates available for various Microsoft operating systems, BackOffice components, services, and so forth. The tool operates by scanning a target system and comparing what it finds there to what's in that up-to-date file. When discrepancies or omissions are discovered, these differences drive the reporting and recommendations that the tool makes to help bring systems up to date, and to make sure known vulnerabilities are patched or fixed, or workarounds put in place.

When MBSA downloads mssecure.xml from the MS Web site, it does so in the form of a compressed cabinet (.cab) file. Consequently, the tool must first unpack that file so it can compare its contents to the results from a real-time scan. As the program runs, therefore, it generates another XML file that provides a basis for comparison, allowing the software to quickly and easily zero in on areas where remediation might be required or warranted.
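The catalog-versus-scan comparison described above can be sketched as follows. This is an added example, not MBSA's code: the XML element and attribute names, the bulletin and KB identifiers, and the scan record are all constructed, and the supersedence handling is an assumption of the example rather than something the article describes.

```python
import xml.etree.ElementTree as ET

# Constructed catalog. Element and attribute names are hypothetical and far
# simpler than the real mssecure.xml schema; bulletin/KB ids are placeholders.
CATALOG_XML = """<Catalog>
  <Product name="Windows XP" minServicePack="2">
    <Update bulletin="EX04-001" kb="KB0000001"/>
    <Update bulletin="EX04-002" kb="KB0000002" supersedes="KB0000001"/>
    <Update bulletin="EX04-003" kb="KB0000003"/>
  </Product>
</Catalog>"""

# Constructed scan result for one host (what the scanner found installed).
SCAN = {"product": "Windows XP", "service_pack": 1, "installed": {"KB0000002"}}

def load_catalog(xml_text):
    """Index the reference catalog by product name."""
    catalog = {}
    for prod in ET.fromstring(xml_text).iter("Product"):
        updates = [{"bulletin": u.get("bulletin"), "kb": u.get("kb"),
                    "supersedes": set(filter(None, u.get("supersedes", "").split(",")))}
                   for u in prod.iter("Update")]
        catalog[prod.get("name")] = {"min_sp": int(prod.get("minServicePack")),
                                     "updates": updates}
    return catalog

def compare(scan, catalog):
    """Return (kind, detail) findings where the host lags the catalog."""
    entry = catalog.get(scan["product"])
    if entry is None:  # product not profiled: report it, do not assume compliant
        return [("unknown-product", scan["product"])]
    findings = []
    if scan["service_pack"] < entry["min_sp"]:
        findings.append(("service-pack", "SP%d" % entry["min_sp"]))
    # An update counts as covered if installed, or (assumption of this example)
    # superseded, directly or transitively, by an installed update.
    covered, changed = set(scan["installed"]), True
    while changed:
        changed = False
        for u in entry["updates"]:
            if u["kb"] in covered and not u["supersedes"] <= covered:
                covered |= u["supersedes"]
                changed = True
    findings += [("missing-update", u["bulletin"])
                 for u in entry["updates"] if u["kb"] not in covered]
    return findings

if __name__ == "__main__":
    for kind, detail in compare(SCAN, load_catalog(CATALOG_XML)):
        print(kind, detail)
```
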

The Knowledge Base article (842432) explains how to download and extract the contents of the .cab file to see the XML catalog in its startlingly lengthy and complex glory. MS has done a good job of making what's inherently machine-readable human readable as well—you can learn a lot about how and what they track on Windows desktops and servers by skimming over this file. You can also get a sense of how the underlying XML document structure was designed and implemented to support this interesting and useful application.

Additional MBSA Resources

MBSA White paper (covers 1.2 but remains largely applicable to 1.2.1)
MBSA 1.2.1 Update details
MBSA Scripting tutorial
MBSA FAQ
KB Article 842432 "How to troubleshoot file catalog downloads for MBSA 1.2"


Ed Tittel is a writer, trainer, and consultant based in Austin, TX, who writes and teaches on XML and related vocabularies and applications. E-mail Ed at etittel@lanw.com.


This was first published in September 2004
