Mark - sorry for the delayed reply.
Since MBSA filters out updates that aren't of the three classes it supports
(service packs, rollups and security updates), MBSA wouldn't be helpful to
scan for all missing updates. For online scanning, Microsoft Update is the
best offering. WSUS Servers and SMS/SCCM will do the job well - but these
are likely dependencies you can't count on as an IT administrator unless
these are already part of your security and/or patch management strategy.
There are a number of 3rd party tools you could use. The Patch Management
Mailing List would be an excellent forum to get the best recommendations for
your specific needs. Consider subscribing to the mailing list at
http://www.patchmanagement.org/ for recommendations. I hope that helps...
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
This e-mail address does not receive e-mail, but is used for newsgroup
"Mark" <***@discussions.microsoft.com> wrote in message
> Thank you Doug. I do see that information now in the FAQ, though not on
> MBSA home page.
> Does Microsoft offer a product that will let me do a full analysis of
> installed and missing updates on a group of computers? I am thinking of
> scenario when I, as an outsourced IT provider, go to a new client and want
> run a comprehensive scan on all of their computers.
> If MS does not offer this, are you aware of third-party tools that do?
> Thank you,
> "Doug Neal [MSFT]" wrote:
>> Mark - thank you for posting this to the MBSA newsgroup!
>> MBSA only reports missing Security Updates, Update Rollups (UR) or
>> Packs (SP) - nothing else. There are many high priority updates,
>> non-security updates, tools, drivers and other updates that are offered
>> Windows Update that - because they aren't one of the 3 critical security
>> classifications reported by MBSA - will not show up an an MBSA scan
>> 967715 is a non-security update. And although released as a high
>> update, isn't an SP, UR or security update taht MBSA scans and reports
>> against. This is covered on the MBSA home page (www.microsoft.com/mbsa)
>> the MBSA FAQ.
>> I hope that helps...
>> Doug Neal [MSFT]
>> This posting is provided "AS IS" with no warranties, and confers no
>> If newsgroup discussion with experts and MVPs is unable to solve a
>> to your satisfaction, feel free to contact PSS for support on the
>> Baseline Security Analyzer (MBSA). Information is available at the
>> This e-mail address does not receive e-mail, but is used for newsgroup
>> postings only.
>> "Mark" <***@discussions.microsoft.com> wrote in message
>> > I'm reviewing the patch status of a Windows 2003 R2 server.
>> > Windows Update lists KB967715 as a High Priority update and schedules
>> > it
>> > for
>> > immediate installation.
>> > MBSA 2.1 does not list KB967715 at all.
>> > Why do these two tools report different results?
>> > Thank you,
>> > Mark