2014-09-19
MBSA 是 Microsoft 為系統管理員、安全性稽核人員和 IT 專業人員免費提供的最新版安全性與弱點評估掃描工具。
MBSA 是一個簡單易用的工具,設計讓 IT 專業人員協助中小型企業判斷其安全性狀態是否符合 Microsoft 的安全性建議,並會根據結果提供具體的矯正指示。使用 MBSA 偵測一般常犯的安全性設定錯誤和電腦系統所遺漏的安全性更新,以增強您的安全性管理流程。
官方下載
2013-11-12
http://www.microsoft.com/en-us/download/details.aspx?id=7558
命令列掃描結果
Security assessment: Incomplete Scan Computer name: WORKGROUP\WIN-AQ5MBV0BQQ5 IP address: 127.0.0.1 Security report name: WORKGROUP - WIN-AQ5MBV0BQQ5 (2014-9-18 下午 04-27) Scan date: 2014/9/18 下午 04:27 Scanned with MBSA version: 2.3.2208.0 Catalog synchronization date: Security update catalog: Microsoft Update Security Updates Scan Results Issue: Developer Tools, Runtimes, and Redistributables Security Updates Score: Check failed (critical) Result: 2 security updates are missing. Security Updates | MS12-021 | Missing | Security Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2645410) | Important | | MS11-025 | Missing | Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) | Important | Current Update Compliance | MS11-025 | Installed | Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063) | Important | Issue: SQL Server Security Updates Score: Check failed (critical) Result: 1 security updates are missing. Security Updates | MS14-044 | Missing | Security Update for SQL Server 2014 (KB2977315) | Important | Current Update Compliance | MS06-061 | Installed | MSXML 6.0 RTM Security Update (925673) | Critical | Issue: Windows Security Updates Score: Check failed (critical) Result: 15 security updates are missing. 2 service packs or update rollups are missing. Security Updates | 2894856 | Missing | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894856) | | | MS14-053 | Missing | Security Update for Microsoft .NET Framework 4.5.1 and 4.5.2 on Windows 8.1 and Windows Server 2012 R2 x64-based Systems (KB2977765) | Important | | MS14-054 | Missing | Security Update for Windows Server 2012 R2 (KB2988948) | Important | | MS14-045 | Missing | Security Update for Windows Server 2012 R2 (KB2993651) | Important | | MS14-026 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2931358) | Important | | MS14-046 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2966828) | Important | | MS14-053 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2973114) | Important | | 2894852 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894852) | | | MS14-045 | Missing | Security Update for Windows Server 2012 R2 (KB2976897) | Important | | MS14-046 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2966826) | Important | | MS14-049 | Missing | Security Update for Windows Server 2012 R2 (KB2918614) | Important | | MS14-052 | Missing | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2977629) | Moderate | | MS14-051 | Missing | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2976627) | Moderate | | MS14-053 | Missing | Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2972213) | Important | | MS14-047 | Missing | Security Update for Windows Server 2012 R2 (KB2978668) | Important | Update Rollups and Service Packs | 2981580 | Missing | Update for Windows Server 2012 R2 (KB2981580) | | | 890830 | Missing | Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - September 2014 (KB890830) | | Current Update Compliance | MS14-036 | Installed | Security Update for Windows Server 2012 R2 (KB2964736) | Critical | | MS14-037 | Installed | Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2962872) | Moderate | | MS14-027 | Installed | Security Update for Windows Server 2012 R2 (KB2926765) | Important | | 2920189 | Installed | Security Update for Windows Server 2012 R2 (KB2920189) | | | 2973351 | Installed | Security Update for Windows Server 2012 R2 (KB2973351) | | | MS14-033 | Installed | Security Update for Windows Server 2012 R2 (KB2939576) | Low | | MS14-031 | Installed | Security Update for Windows Server 2012 R2 (KB2957189) | Important | | MS14-026 | Installed | Security Update for Microsoft .NET Framework 4.5.1 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2931366) | Important | | 890830 | Installed | Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - July 2014 (KB890830) | | | MS14-018 | Installed | Windows Server 2012 R2 Update (KB2919355) | Critical | | MS14-036 | Installed | Security Update for Windows Server 2012 R2 (KB2964718) | Critical | | MS14-039 | Installed | Security Update for Windows Server 2012 R2 (KB2973201) | Important | | MS14-030 | Installed | Security Update for Windows Server 2012 R2 (KB2965788) | Important | | MS14-040 | Installed | Security Update for Windows Server 2012 R2 (KB2961072) | Important | Operating System Scan Results Administrative Vulnerabilities Issue: Local Account Password Test Score: Check passed Result: Some user accounts (1 of 2) have blank or simple passwords, or could not be analyzed. Detail: | User | Weak Password | Locked Out | Disabled | | Guest | Weak | - | Disabled | | Administrator | - | - | - | Issue: File System Score: Check passed Result: All hard drives (1) are using the NTFS file system. Detail: | Drive Letter | File System | | C: | NTFS | Issue: Password Expiration Score: Check failed (non-critical) Result: Some user accounts (1 of 2) have non-expiring passwords. Detail: | User | | Guest | Issue: Guest Account Score: Check passed Result: The Guest account is disabled on this computer. Issue: Autologon Score: Check passed Result: Autologon is not configured on this computer. Issue: Restrict Anonymous Score: Check passed Result: Computer is properly restricting anonymous access. Issue: Administrators Score: Check passed Result: No more than 2 Administrators were found on this computer. Detail: | User | | Administrator | Issue: Windows Firewall Score: Best practice Result: Windows Firewall is enabled and has exceptions configured. Windows Firewall is enabled on all network connections. Detail: | Connection Name | Firewall | Exceptions | | All Connections | On | Ports, Programs | | Ethernet0 | On | Ports*, Programs* | Issue: Automatic Updates Score: Check failed (non-critical) Result: Updates are not automatically downloaded or installed on this computer. Issue: Incomplete Updates Score: Best practice Result: No incomplete software update installations were found. Additional System Information Issue: Windows Version Score: Best practice Result: Computer is running Microsoft Windows Server 2012 R2. Issue: Auditing Score: Best practice Result: Neither Logon Success nor Logon Failure auditing are enabled. Enable auditing and turn on auditing for specific events such as logon and logoff. Be sure to monitor your event log to watch for unauthorized access. Issue: Shares Score: Best practice Result: 2 share(s) are present on your computer. Detail: | Share | Directory | Share ACL | Directory ACL | | ADMIN$ | C:\Windows | Admin Share | NT SERVICE\TrustedInstaller - F, NT AUTHORITY\SYSTEM - RWXD, BUILTIN\Administrators - RWXD, BUILTIN\Users - RX, APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES - RX | | C$ | C:\ | Admin Share | NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX | Issue: Services Score: Best practice Result: Some potentially unnecessary services are installed. Detail: | Service | State | | World Wide Web Publishing Service | Running | Internet Information Services (IIS) Scan Results Administrative Vulnerabilities Issue: IIS Status Score: Unable to scan Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help. Issue: IIS Status Score: Unable to scan Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help. Issue: IIS Status Score: Unable to scan Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help. Issue: IIS Status Score: Unable to scan Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help. Issue: IIS Status Score: Unable to scan Result: The IIS Common Files are not installed on the local computer. Refer to the system requirements list under Microsoft Baseline Security Analyzer Help. Issue: IIS Lockdown Tool Score: Check passed Result: The IIS Lockdown tool was developed for IIS 4.0, 5.0, and 5.1, and is not needed for new Windows Server 2003 installations running IIS 6.0. Additional System Information Issue: Domain Controller Test Score: Best practice Result: IIS is running on a machine that is not a domain controller. SQL Server Scan Results Instance (default) Administrative Vulnerabilities Issue: Domain Controller Test Score: Check passed Result: SQL Server and/or MSDE is not running on a domain controller. Issue: SQL Server/MSDE Security Mode Score: Check failed (non-critical) Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode). Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check passed Result: Detail: | Instance | Folder | User | | (default) | Internal error. | - | Issue: Sysadmin role members Score: Check passed Result: BUILTIN\Administrators group is not part of sysadmin role. Issue: Guest Account Score: Check passed Result: The Guest account is not enabled in any of the databases. Issue: Sysadmins Score: Check failed (non-critical) Result: More than 2 members of sysadmin role are present. Issue: Service Accounts Score: Unable to scan Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. Detail: | Instance | Service | Account | Issue | | (default) | MSSQLServer | NT Service\MSSQLSERVER | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error: 1212 指定的網域名稱格式不正確。 . | | (default) | SQLServerAgent | NT Service\SQLSERVERAGENT | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error: 1212 指定的網域名稱格式不正確。 . | Issue: Password Policy Score: Check failed (critical) Result: Enable password expiration for the SQL server accounts. Issue: SSIS Roles Score: Check passed Result: The BUILTIN Admin does not belong to the SSIS roles. Issue: Sysdtslog Score: Check passed Result: Sysdtslogs90 table does not exist in the Master or MSDB databases Instance MSAS12.MSSQLSERVER Administrative Vulnerabilities Issue: Domain Controller Test Score: Check passed Result: SQL Server and/or MSDE is not running on a domain controller. Issue: SQL Server/MSDE Security Mode Score: Check failed (non-critical) Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode). Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check passed Result: Detail: | Instance | Folder | User | | MSAS12.MSSQLSERVER | Internal error. | - | Issue: Sysadmin role members Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Guest Account Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysadmins Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Service Accounts Score: Check passed Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem. Issue: Password Policy Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: SSIS Roles Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysdtslog Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Instance MSRS12.MSSQLSERVER Administrative Vulnerabilities Issue: Domain Controller Test Score: Check passed Result: SQL Server and/or MSDE is not running on a domain controller. Issue: SQL Server/MSDE Security Mode Score: Check failed (non-critical) Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode). Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check passed Result: Detail: | Instance | Folder | User | | MSRS12.MSSQLSERVER | Internal error. | - | Issue: Sysadmin role members Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Guest Account Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysadmins Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Service Accounts Score: Check passed Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem. Issue: Password Policy Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: SSIS Roles Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysdtslog Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Instance MSSQL12.MSSQLSERVER Administrative Vulnerabilities Issue: Domain Controller Test Score: Check passed Result: SQL Server and/or MSDE is not running on a domain controller. Issue: SQL Server/MSDE Security Mode Score: Check failed (non-critical) Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode). Issue: CmdExec role Score: Unable to scan Result: Error reading registry. If you are scanning a remote computer the Remote Registry service on that computer should be enabled. (13) Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check failed (critical) Result: Permissions on the SQL Server and/or MSDE installation folders are not set properly. Detail: | Instance | Folder | User | | MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | \CREATOR OWNER | | MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | BUILTIN\Users | | MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn | NT SERVICE\MSSQLSERVER | | MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data | \CREATOR OWNER | | MSSQL12.MSSQLSERVER | C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data | NT SERVICE\MSSQLSERVER | Issue: Sysadmin role members Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Guest Account Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysadmins Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Service Accounts Score: Check passed Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem. Issue: Password Policy Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: SSIS Roles Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Issue: Sysdtslog Score: Check not performed Result: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server 不存在或拒絕存取。 Instance (default) (32-bit) Administrative Vulnerabilities Issue: Domain Controller Test Score: Check passed Result: SQL Server and/or MSDE is not running on a domain controller. Issue: SQL Server/MSDE Security Mode Score: Check failed (non-critical) Result: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode). Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check passed Result: Detail: | Instance | Folder | User | | (default) (32-bit) | Internal error. | - | Issue: Sysadmin role members Score: Check passed Result: BUILTIN\Administrators group is not part of sysadmin role. Issue: Guest Account Score: Check passed Result: The Guest account is not enabled in any of the databases. Issue: Sysadmins Score: Check failed (non-critical) Result: More than 2 members of sysadmin role are present. Issue: Service Accounts Score: Unable to scan Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. Detail: | Instance | Service | Account | Issue | | (default) (32-bit) | MSSQLServer | NT Service\MSSQLSERVER | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error: 1212 指定的網域名稱格式不正確。 . | | (default) (32-bit) | SQLServerAgent | NT Service\SQLSERVERAGENT | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error: 1212 指定的網域名稱格式不正確。 . | Issue: Password Policy Score: Check failed (critical) Result: Enable password expiration for the SQL server accounts. Issue: SSIS Roles Score: Check passed Result: The BUILTIN Admin does not belong to the SSIS roles. Issue: Sysdtslog Score: Check passed Result: Sysdtslogs90 table does not exist in the Master or MSDB databases Desktop Application Scan Results Administrative Vulnerabilities Issue: IE Zones Score: Check passed Result: Internet Explorer zones have secure settings for all users. Issue: IE Enhanced Security Configuration for Administrators Score: Check failed (critical) Result: The use of Internet Explorer is not restricted for administrators on this server. Issue: IE Enhanced Security Configuration for Non-Administrators Score: Check failed (non-critical) Result: The use of Internet Explorer is not restricted for non-administrators on this server. Issue: Macro Security Score: Check not performed Result: No supported Microsoft Office products are installed. |
(完)
相關
Baseline Security Analyzer
https://docs.microsoft.com/zh-tw/security-updates/security/20214359
Microsoft Baseline Security Analyzer(MBSA)
http://www.netqna.com/2014/03/microsoft-baseline-security-analyzermbsa.html
[資訊安全]MBSA 遠端掃描
http://www.netqna.com/2014/03/mbsa.html
【工具】Microsoft Baseline Security Analyzer(MBSA)簡介及使用說明
https://dotblogs.com.tw/momodablue/2010/12/08/19996
沒有留言:
張貼留言