Abstract:
Using MBSA to audit computer to find 4 things need to be fixed, some missing update, some passwords are vulnerable. To fix these problems, update application and change the password policy to force users to change passwords.
Methods:
Got MBSA App 2.1 from Microsoft website and install it.
Get started to scam computer, it takes a little longer than expected to finish scan.
Finding 1:
Description: The Automatic Updates system service is not configured to be started as Automatic.
Mitigation: Since sometimes automatic updates is not always good to computer system and network, it is not necessary to update all the time. Keep this configuration not change, then regularly check the system service to determine which needs to be updated.
Finding 2:
Description: Some user accounts (4 of 6) have blank or simple passwords, or could not be analyzed.
Mitigation: change password policy and inforce the password security, let the users change their passwords.
Finding 3:
Description: a Virtual Box software update installation was not completed.
Mitigation: restart the computer immediately following the installation of security updates, both for protection and stability of the system.
Finding 4:
Description: Some user accounts (4 of 6) have non-expiring passwords
Mitigation: Set the password expiring for the users.
Audit plan:
Citations:
Cybersecurity Analyst+: Scan for Vulnerabilities using Microsoft Baseline Security Analyzer By: Dan Lachance
Microsoft Security Fundamentals: Microsoft Baseline Security Analyzer (MBSA) By: Travis Welton
Baseline Security Evaluation Checklist acm.org