
MBSA 2.0 on Embedded devices

The latest version of Microsoft Baseline Security Analyzer, MBSA 2.0, has recently been released for download. It allows Embedded IT Professionals to remotely scan their networks and identify machines with potential vulnerabilities. When used on Embedded devices it may require a little more interpretation of the results, based on knowledge of what features are in the runtime and what functionality the device supports, but it can be useful in providing an added level of confidence.

Here are some caveats to using MBSA 2.0:

1. This version of MBSA can only be successfully used against XP Embedded devices *remotely*, not running on the local device.
2. Add the “Remote Registry” and “File Sharing” components to your runtime.
3. Ensure that the Administrator account has a password (this is to enable proper file sharing).
4. Ensure that the target computers are all in the same workgroup.
5. Install and boot your runtime.
6. After XPe is done installing, share out a folder to the network. Ensure that other computers can access this share (after typing in the username [Administrator] and password).
7. On your scanning machine, point MBSACLI to scan your remote computer(s).

The MBSACLI command line should be something along the lines of:
MBSACLI /c workgroup\computername /n Updates /u machinename\Administrator /p password

Items of note:

• “The Automatic Updates feature is not installed on this computer. Please upgrade to the latest Service Pack to obtain this feature and then use the Control Panel to configure Automatic Updates” – this is occurring because Windows Update / Automatic Update is not enabled in XPe. This is by design.

• If “/n Updates” is not specified on the command line, all reports provided back to MBSA will be marked as “Incomplete Scan” and will have an item at the top of the report which states “Cannot contact Windows Update Agent on target computer, possibly due to firewall settings.” This is also because XPe does not support Windows Update / Automatic Update. This is by design.

• Embedded users should consider disabling the items which do not apply to their XPe image, for instance the check that MBSA is up to date, IIS (when it’s not installed), etc.

- Lynda
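
The steps and notes above, as an added example that is not part of the original post: a small Python helper for the scanning machine that builds the MBSACLI command line per device, skipping the checks that do not apply to its runtime, and separates the two by-design XPe messages from findings that need review. The device names, the inventory layout and the sample report lines are constructed; the "SQL" value for /n and the /nvc switch are MBSACLI options not shown in the post.

```python
import getpass

# Report text the post identifies as by-design on XP Embedded.
BY_DESIGN = (
    "The Automatic Updates feature is not installed on this computer",
    "Cannot contact Windows Update Agent on target computer",
)

def skip_list(runtime_features):
    """Value for /n: checks to skip, joined with '+' (no spaces)."""
    skip = ["Updates"]  # XPe has no Windows Update / Automatic Update
    # Skip product checks whose component is not in the runtime.
    skip += [c for c in ("IIS", "SQL") if c not in runtime_features]
    return "+".join(skip)

def build_command(workgroup, computer, runtime_features, password):
    """argv for one remote scan, following the command line in the post."""
    return [
        "MBSACLI",
        "/c", f"{workgroup}\\{computer}",
        "/n", skip_list(runtime_features),
        "/nvc",  # do not check for a newer MBSA version
        "/u", f"{computer}\\Administrator",
        "/p", password,
    ]

def triage(findings):
    """Split report lines into (by_design, needs_review)."""
    by_design, review = [], []
    for line in findings:
        known = any(msg in line for msg in BY_DESIGN)
        (by_design if known else review).append(line)
    return by_design, review

# Constructed inventory: device name -> components present in its runtime.
DEVICES = {"KIOSK01": set(), "HMI02": {"IIS"}}

if __name__ == "__main__":
    pw = getpass.getpass("Administrator password: ")  # not stored in the script
    for name, features in DEVICES.items():
        argv = build_command("WORKGROUP", name, features, pw)
        print(" ".join(argv[:-1]), "<password>")  # print without the secret
```
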