Friday, September 19, 2014

[Research] Microsoft Baseline Security Analyzer 2.3 (MBSA) Vulnerability Assessment Scanning Tool

2014-09-19

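MBSA is the latest version of the free security and vulnerability assessment scanning tool that Microsoft provides for system administrators, security auditors, and IT professionals.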

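MBSA is an easy-to-use tool designed to help IT professionals at small and medium-sized businesses determine whether their security state conforms to Microsoft's security recommendations, and it provides specific remediation guidance based on the results. Use MBSA to detect common security misconfigurations and security updates missing from computer systems, to strengthen your security management process.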

Official download
2013-11-12
http://www.microsoft.com/en-us/download/details.aspx?id=7558

Command-line scan results



Security assessment: Incomplete Scan
Computer name: WORKGROUP\WIN-AQ5MBV0BQQ5
IP address: 127.0.0.1
Security report name: WORKGROUP - WIN-AQ5MBV0BQQ5 (2014-9-18 下午 04-27)
Scan date: 2014/9/18 下午 04:27
Scanned with MBSA version: 2.3.2208.0
Catalog synchronization date:
Security update catalog: Microsoft Update


  Security Updates Scan Results

    Issue:  Developer Tools, Runtimes, and Redistributables Security Updates
  Score:  Check failed (critical)
  Result: 2 security updates are missing.

Security Updates

| MS12-021 | Missing | Security Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2645410) | Important |
| MS11-025 | Missing | Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) | Important |

Current Update Compliance

| MS11-025 | Installed | Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063) | Important |

    Issue:  SQL Server Security Updates
  Score:  Check failed (critical)
  Result: 1 security updates are missing.

Security Updates

| MS14-044 | Missing | Security Update for SQL Server 2014 (KB2977315) | Important |

Current Update Compliance

| MS06-061 | Installed | MSXML 6.0 RTM Security Update  (925673) | Critical |

    Issue:  Windows Security Updates
  Score:  Check failed (critical)
  Result: 15 security updates are missing. 2 service packs or update rollups are missing.

Security Updates

| 2894856 | Missing | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894856) |  |
| MS14-053 | Missing | Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-based Systems (KB2977765) | Important |
| MS14-054 | Missing | Security Update for Windows Server 2012 R2 (KB2988948) | Important |
| MS14-045 | Missing | Security Update for Windows Server 2012 R2 (KB2993651) | Important |
| MS14-026 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2931358) | Important |
| MS14-046 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2966828) | Important |
| MS14-053 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2973114) | Important |
| 2894852 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894852) |  |
| MS14-045 | Missing | Security Update for Windows Server 2012 R2 (KB2976897) | Important |
| MS14-046 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2966826) | Important |
| MS14-049 | Missing | Security Update for Windows Server 2012 R2 (KB2918614) | Important |
| MS14-052 | Missing | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2977629) | Moderate |
| MS14-051 | Missing | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2976627) | Moderate |
| MS14-053 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2972213) | Important |
| MS14-047 | Missing | Security Update for Windows Server 2012 R2 (KB2978668) | Important |

Update Rollups and Service Packs

| 2981580 | Missing | Update for Windows Server 2012 R2 (KB2981580) |  |
| 890830 | Missing | Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - September 2014 (KB890830) |  |

Current Update Compliance

| MS14-036 | Installed | Security Update for Windows Server 2012 R2 (KB2964736) | Critical |
| MS14-037 | Installed | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2962872) | Moderate |
| MS14-027 | Installed | Security Update for Windows Server 2012 R2 (KB2926765) | Important |
| 2920189 | Installed | Security Update for Windows Server 2012 R2 (KB2920189) |  |
| 2973351 | Installed | Security Update for Windows Server 2012 R2 (KB2973351) |  |
| MS14-033 | Installed | Security Update for Windows Server 2012 R2 (KB2939576) | Low |
| MS14-031 | Installed | Security Update for Windows Server 2012 R2 (KB2957189) | Important |
| MS14-026 | Installed | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2931366) | Important |
| 890830 | Installed | Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - July 2014 (KB890830) |  |
| MS14-018 | Installed | Windows Server 2012 R2 Update (KB2919355) | Critical |
| MS14-036 | Installed | Security Update for Windows Server 2012 R2 (KB2964718) | Critical |
| MS14-039 | Installed | Security Update for Windows Server 2012 R2 (KB2973201) | Important |
| MS14-030 | Installed | Security Update for Windows Server 2012 R2 (KB2965788) | Important |
| MS14-040 | Installed | Security Update for Windows Server 2012 R2 (KB2961072) | Important |


  Operating System Scan Results

    Administrative Vulnerabilities

  Issue:  Local Account Password Test
  Score:  Check passed
  Result: Some user accounts (1 of 2) have blank or simple passwords, or could not be analyzed.
  Detail:
| User | Weak Password | Locked Out | Disabled |
| Guest | Weak | - | Disabled |
| Administrator | - | - | - |

  Issue:  File System
  Score:  Check passed
  Result: All hard drives (1) are using the NTFS file system.
  Detail:
| Drive Letter | File System |
| C: | NTFS |

  Issue:  Password Expiration
  Score:  Check failed (non-critical)
  Result: Some user accounts (1 of 2) have non-expiring passwords.
  Detail:
| User |
| Guest |

  Issue:  Guest Account
  Score:  Check passed
  Result: The Guest account is disabled on this computer.

  Issue:  Autologon
  Score:  Check passed
  Result: Autologon is not configured on this computer.

  Issue:  Restrict Anonymous
  Score:  Check passed
  Result: Computer is properly restricting anonymous access.

  Issue:  Administrators
  Score:  Check passed
  Result: No more than 2 Administrators were found on this computer.
  Detail:
| User |
| Administrator |

  Issue:  Windows Firewall
  Score:  Best practice
  Result: Windows Firewall is enabled and has exceptions configured. Windows Firewall is enabled on all network connections.
  Detail:
| Connection Name | Firewall | Exceptions |
| All Connections | On | Ports, Programs |
| Ethernet0 | On | Ports*, Programs* |

  Issue:  Automatic Updates
  Score:  Check failed (non-critical)
  Result: Updates are not automatically downloaded or installed on this computer.

  Issue:  Incomplete Updates
  Score:  Best practice
  Result: No incomplete software update installations were found.

Additional System Information

  Issue:  Windows Version
  Score:  Best practice
  Result: Computer is running Microsoft Windows Server 2012 R2.

  Issue:  Auditing
  Score:  Best practice
  Result: Neither Logon Success nor Logon Failure auditing are enabled. Enable auditing and turn on auditing for specific events such as logon and logoff. Be sure to monitor your event log to watch for unauthorized access.

  Issue:  Shares
  Score:  Best practice
  Result: 2 share(s) are present on your computer.
  Detail:
| Share | Directory | Share ACL | Directory ACL |
| ADMIN$ | C:\Windows | Admin Share | NT SERVICE\TrustedInstaller -  F, NT AUTHORITY\SYSTEM -  RWXD, BUILTIN\Administrators -  RWXD, BUILTIN\Users -  RX, APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES -  RX |
| C$ | C:\ | Admin Share | NT AUTHORITY\SYSTEM -  F, BUILTIN\Administrators -  F, BUILTIN\Users -  RX |

  Issue:  Services
  Score:  Best practice
  Result: Some potentially unnecessary services are installed.
  Detail:
| Service | State |
| World Wide Web Publishing Service | Running |


  Internet Information Services (IIS) Scan Results

Administrative Vulnerabilities

  Issue:  IIS Status
  Score:  Unable to scan
  Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

  Issue:  IIS Status
  Score:  Unable to scan
  Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

  Issue:  IIS Status
  Score:  Unable to scan
  Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

  Issue:  IIS Status
  Score:  Unable to scan
  Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

  Issue:  IIS Status
  Score:  Unable to scan
  Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help.

  Issue:  IIS Lockdown Tool
  Score:  Check passed
  Result: The IIS Lockdown tool was developed for IIS 4.0, 5.0, and 5.1, and is not needed for new Windows Server 2003 installations running IIS 6.0.

Additional System Information

  Issue:  Domain Controller Test
  Score:  Best practice
  Result: IIS is running on a machine that is not a domain controller.


  SQL Server Scan Results

   Instance (default)

    Administrative Vulnerabilities

  Issue:  Domain Controller Test
  Score:  Check passed
  Result: SQL Server and/or MSDE is not running on a domain controller.

  Issue:  SQL Server/MSDE Security Mode
  Score:  Check failed (non-critical)
  Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

  Issue:  CmdExec role
  Score:  Check passed
  Result: CmdExec is restricted to sysadmin only.

  Issue:  Registry Permissions
  Score:  Check passed
  Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

  Issue:  Folder Permissions
  Score:  Check passed
  Result:
  Detail:
| Instance | Folder | User |
| (default) | Internal error. | - |

  Issue:  Sysadmin role members
  Score:  Check passed
  Result: BUILTIN\Administrators group is not part of sysadmin role.

  Issue:  Guest Account
  Score:  Check passed
  Result: The Guest account is not enabled in any of the databases.

  Issue:  Sysadmins
  Score:  Check failed (non-critical)
  Result: More than 2 members of sysadmin role are present.

  Issue:  Service Accounts
  Score:  Unable to scan
  Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
  Detail:
| Instance | Service | Account | Issue |
| (default) | MSSQLServer | NT Service\MSSQLSERVER | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error:  1212 指定的網域名稱格式不正確。. |
| (default) | SQLServerAgent | NT Service\SQLSERVERAGENT | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error:  1212 指定的網域名稱格式不正確。. |

  Issue:  Password Policy
  Score:  Check failed (critical)
  Result: Enable password expiration for the SQL server accounts.

  Issue:  SSIS Roles
  Score:  Check passed
  Result: The BUILTIN Admin does not belong to the SSIS roles.

  Issue:  Sysdtslog
  Score:  Check passed
  Result: Sysdtslogs90 table does not exist in the Master or MSDB databases


   Instance MSAS12.MSSQLSERVER

    Administrative Vulnerabilities

  Issue:  Domain Controller Test
  Score:  Check passed
  Result: SQL Server and/or MSDE is not running on a domain controller.

  Issue:  SQL Server/MSDE Security Mode
  Score:  Check failed (non-critical)
  Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

  Issue:  CmdExec role
  Score:  Check passed
  Result: CmdExec is restricted to sysadmin only.

  Issue:  Registry Permissions
  Score:  Check passed
  Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

  Issue:  Folder Permissions
  Score:  Check passed
  Result:
  Detail:
| Instance | Folder | User |
| MSAS12.MSSQLSERVER | Internal error. | - |

  Issue:  Sysadmin role members
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Guest Account
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysadmins
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Service Accounts
  Score:  Check passed
  Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.

  Issue:  Password Policy
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  SSIS Roles
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysdtslog
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。


   Instance MSRS12.MSSQLSERVER

    Administrative Vulnerabilities

  Issue:  Domain Controller Test
  Score:  Check passed
  Result: SQL Server and/or MSDE is not running on a domain controller.

  Issue:  SQL Server/MSDE Security Mode
  Score:  Check failed (non-critical)
  Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

  Issue:  CmdExec role
  Score:  Check passed
  Result: CmdExec is restricted to sysadmin only.

  Issue:  Registry Permissions
  Score:  Check passed
  Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

  Issue:  Folder Permissions
  Score:  Check passed
  Result:
  Detail:
| Instance | Folder | User |
| MSRS12.MSSQLSERVER | Internal error. | - |

  Issue:  Sysadmin role members
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Guest Account
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysadmins
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Service Accounts
  Score:  Check passed
  Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.

  Issue:  Password Policy
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  SSIS Roles
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysdtslog
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。


   Instance MSSQL12.MSSQLSERVER

    Administrative Vulnerabilities

  Issue:  Domain Controller Test
  Score:  Check passed
  Result: SQL Server and/or MSDE is not running on a domain controller.

  Issue:  SQL Server/MSDE Security Mode
  Score:  Check failed (non-critical)
  Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

  Issue:  CmdExec role
  Score:  Unable to scan
  Result: Error reading registry. If you are scanning a remote computer the Remote Registry service on that computer should be enabled. (13)

  Issue:  Registry Permissions
  Score:  Check passed
  Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

  Issue:  Folder Permissions
  Score:  Check failed (critical)
  Result: Permissions on the SQL Server and/or MSDE installation folders are not set properly.
  Detail:
| Instance | Folder | User |
| MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | \CREATOR OWNER |
| MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | BUILTIN\Users |
| MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | NT SERVICE\MSSQLSERVER |
| MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data | \CREATOR OWNER |
| MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data | NT SERVICE\MSSQLSERVER |

  Issue:  Sysadmin role members
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Guest Account
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysadmins
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Service Accounts
  Score:  Check passed
  Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.

  Issue:  Password Policy
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  SSIS Roles
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。

  Issue:  Sysdtslog
  Score:  Check not performed
  Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。


   Instance (default) (32-bit)

    Administrative Vulnerabilities

  Issue:  Domain Controller Test
  Score:  Check passed
  Result: SQL Server and/or MSDE is not running on a domain controller.

  Issue:  SQL Server/MSDE Security Mode
  Score:  Check failed (non-critical)
  Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

  Issue:  CmdExec role
  Score:  Check passed
  Result: CmdExec is restricted to sysadmin only.

  Issue:  Registry Permissions
  Score:  Check passed
  Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

  Issue:  Folder Permissions
  Score:  Check passed
  Result:
  Detail:
| Instance | Folder | User |
| (default) (32-bit) | Internal error. | - |

  Issue:  Sysadmin role members
  Score:  Check passed
  Result: BUILTIN\Administrators group is not part of sysadmin role.

  Issue:  Guest Account
  Score:  Check passed
  Result: The Guest account is not enabled in any of the databases.

  Issue:  Sysadmins
  Score:  Check failed (non-critical)
  Result: More than 2 members of sysadmin role are present.

  Issue:  Service Accounts
  Score:  Unable to scan
  Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
  Detail:
| Instance | Service | Account | Issue |
| (default) (32-bit) | MSSQLServer | NT Service\MSSQLSERVER | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error:  1212 指定的網域名稱格式不正確。. |
| (default) (32-bit) | SQLServerAgent | NT Service\SQLSERVERAGENT | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error:  1212 指定的網域名稱格式不正確。. |

  Issue:  Password Policy
  Score:  Check failed (critical)
  Result: Enable password expiration for the SQL server accounts.

  Issue:  SSIS Roles
  Score:  Check passed
  Result: The BUILTIN Admin does not belong to the SSIS roles.

  Issue:  Sysdtslog
  Score:  Check passed
  Result: Sysdtslogs90 table does not exist in the Master or MSDB databases


  Desktop Application Scan Results

Administrative Vulnerabilities

  Issue:  IE Zones
  Score:  Check passed
  Result: Internet Explorer zones have secure settings for all users.

  Issue:  IE Enhanced Security Configuration for Administrators
  Score:  Check failed (critical)
  Result: The use of Internet Explorer is not restricted for administrators on this server.

  Issue:  IE Enhanced Security Configuration for Non-Administrators
  Score:  Check failed (non-critical)
  Result: The use of Internet Explorer is not restricted for non-administrators on this server.

  Issue:  Macro Security
  Score:  Check not performed
  Result: No supported Microsoft Office products are installed.



(End)

Related

Baseline Security Analyzer
https://docs.microsoft.com/zh-tw/security-updates/security/20214359

Microsoft Baseline Security Analyzer (MBSA)
http://www.netqna.com/2014/03/microsoft-baseline-security-analyzermbsa.html

[Information Security] MBSA remote scan
http://www.netqna.com/2014/03/mbsa.html

[Tools] Microsoft Baseline Security Analyzer (MBSA): introduction and usage guide
https://dotblogs.com.tw/momodablue/2010/12/08/19996
