
Thank you for installing Microsoft® Baseline Security Analyzer
version 2.0.
Release notes for MBSA version 2.0
MBSA 2.0 includes the most popular scanning abilities of
previous versions and adds these additional features:
- Access to the live Microsoft Update site for published content and detection logic, as well as an offline catalog for customers with limited Internet access
- Compatible with Windows Server Update Services (Update Services)
- Automatic determination of the client's assigned Update Services server, eliminating the need to specify the client's Update Services server before scanning and ensuring that the correct server will be used
- Ability to provide a "not yet approved" score for Update Services administrators
- Ability to run multiple copies of MBSA 2.0 for increased performance of security misconfiguration scanning
- Current Update Compliance appears in the report as well as in the CLI (replaces the history functionality of previous versions of MBSA)
- Support for running the tool side-by-side with MBSA 1.2.1 during migration
- Updates that require a restart of the computer will be annotated as the reason for non-compliance
- Accepts an input file of computers and IP addresses to be scanned
- Reports can now be easily shared and viewed
- Structured XML output offers simplified integration for update scanning
- Ability to pass a specific username and password on the command line for both update scanning and security misconfiguration scanning
- Option to automatically configure clients being scanned with the latest required version of Windows Update Agent needed for scanning
- Specific Web links for locating updates and taking necessary actions
- Elimination of the blue asterisk 'Note' message for security updates
- Maximum bulletin severity and update package download links now available in report details
- MBSA releases are available for German, Japanese, and French.
- The WSUSSCAN.CAB file is localized to all supported languages and will be automatically downloaded and used by the tool for any client language computer being scanned. Results are stored in the report based on the console installation language.
- Microsoft Windows XP Embedded support (limited to remote scanning and limited to local scanning via the /xmlout command line switch)
- Windows 64-bit editions support (for security update checks only)
- Microsoft Office XP and later
- Exchange Server 2000 and 2003
- Windows 2000 Service Pack 3 and later
- All Windows components (such as MSXML, MDAC, and Microsoft Virtual Machine)
- SQL Server 2000 and later
- Additional products as published to Microsoft Update
- Incomplete Updates check - (for recently released updates that require a computer restart to take effect)
- /qt - (do not display the report output automatically after a single computer scan)
- /nd - (do not download any files from the Microsoft Web site when scanning)
- /nai - (do not attempt to install a newer version of Windows Update Agent if one is required for scanning)
- /nm - (do not configure computers to use the Microsoft Update site for scanning)
- /wi, /wa replace the /sus option
- /catalog replaces the /x option
- /xmlout replaces the /HF option
- /target replaces the /i, /c and /h options
- /listfile replaces the /fh and /fip options
- /ld replaces the /v option
- /n - (ranges and computer lists can be specified by the /r and /listfile options respectively)
- /e - (structured output in XML can be parsed from the reports)
- /history - (current update compliance is now always included when scanning)
- /fq - (structured output in XML can be parsed from the reports)
- /s, /sum, /nosum and /z - (Automatic Updates and Microsoft Update catalog detection logic is always used)
- /o tab | wrap - (structured output in XML can be parsed from the reports)
- /t - (multiple copies of MBSA may now be used on the same scanning computer)
- /f - (console redirection can be used to write additional output to a file)
Issue
Support for scanning all instances of Microsoft SQL Server / MSDE has been kept; however, the name of the instance that is missing an update will not be returned, and once the first instance missing a given update is found, that update will not be scanned for on any further instances.
Workaround
To view the name of each instance that is missing that update, click the "Download" link and run the update installer. The installation wizard will list each instance by name, and you can choose the instance on which you want to install the update.
Issue
Reasons why an update is considered missing are not provided in this version of MBSA; however, when an update has been installed and a computer restart is required for it to take effect, this reason will be provided in the report.
Workaround
The built-in logging of the Automatic Updates service can be used to inspect the detection behavior for troubleshooting.
Issue
Installation history (explicitly installed / effectively installed) no longer reflects updates that have been superseded by another update. The behavior of this feature follows the behavior for missing updates, where only the most recent non-superseded update is shown.
Workaround
Refer to the bulletin, fixlist, or TechNet search page to identify each previous bulletin that has been included in the update in question from the Current Update Compliance listing.
Issue
Support for SUS 1.0 does not exist in MBSA 2.0.
Workaround
Upgrade from SUS 1.0 to Windows Server Update Services, or continue using MBSA 1.2.x to scan based on a SUS 1.0 configuration.
For up-to-date information about troubleshooting MBSA setup and operations, see the Frequently Asked Questions at the Microsoft Web site.