Verwijderd schreef op 07 november 2003 @ 09:00:
Is dat wel een tool van microsoft? Nooit van gehoord!
edit: ja het bestaat inderdaad!
MBSA 1.0, originally released as a response to the Code Red and Nimda worms, is a multi-threaded security scanner that analyzes an individual computer or a group of computers for missing security patches and other common security misconfigurations. Craig Fiebig, General Manager of SBU Product Marketing, said that "MBSA v1.1 simplifies desktop and server security vulnerability assessment, delivering another step on the path to Trustworthy Computing."
The 1.1 release of MBSA provides bug fixes and enhancements to the original scanner as well as replacing Microsoft's command line hotfix scanner, HFNetChk, by exposing full HFNetChk functionality via the MBSA command line interface. Below we will discuss some of the new features of the 1.1 release, highlighting some of the technical aspects that are not covered elsewhere. Microsoft documentation, including links to the product download, FAQ, and technical whitepaper, are available at the Microsoft MBSA Web site. It should be noted that MBSA was developed for Microsoft by Shavlik Technologies LLC by whom the authors of this paper are employed.
Product Overview
In addition to checking the standard fare (blank or easily guessed user passwords, auto-admin login, unnecessary services, etc), MBSA also scans for unprotected IIS servers; looking for Web servers that haven't run the IIS lockdown tool or that are still running the IIS sample code. Of particular value is MBSA's ability to scan multiple instances of SQL server, evaluating the SQL authentication mode, looking for blank SA password and checking for privilege escalation opportunities exposed via the SQL Server service account, among other items. While not many individuals are running full blown SQL installs, how many people are aware that many applications, such as Visio Enterprise, install mini-versions of SQL Server (known as MSDE) with a blank SA password?! MBSA 1.1 detects each installed SQL or MSDE instance and provides detailed remediation information.
MBSA can be executed via command line or graphical user interface. In either instance you can specify hostnames, IP address (including IP ranges), or domain names that you'd like to scan. Output is presented on a per host basis via an html interface built into MBSA. Data is saved in XML format on the MBSA host machine.
:strip_exif()/u/33743/icon.gif?f=community){kind=icon}
:strip_exif()/u/19605/nessie9kb.gif?f=community)
:strip_exif()/u/56159/archer.gif?f=community)