M100733: Is it necessary to still deploy MBSA 1.2?

Summary

This article details the cirucmstances under which your organization may wish to keep using MBSA 1.2, and those under which you may choose to uninstall it. It details what products are supported by MBSA 1.2 and references other knowledge base articles on how to deploy the Microsoft Enterprise Scan Tools and Microsoft Office Update Inventory Tool.

With the release of MBSA 2.0, some organizations might consider whether it is necessary to still deploy MBSA 1.2.

Why use MBSA 1.2?

MBSA 1.2 may be deployed if one of the following conditions is met:

  • Your organization intends to still apply security patches for the following software releases:
    • Microsoft SQL Server 7.0
    • Microsoft SQL Server 2000 SP3a
    • Microsoft Host Integration Server 2000, 2004, and SNA Server 4.0
    • Microsoft BizTalk Server 2000, 2002, and 2004
    • Microsoft Commerce Server 2000 and 2002
    • Microsoft Content Management Server 2001 and 2002 
      Please see Microsoft KB article 895660 for further details.
  • Your organization has not yet rolled out a release of the ManageSoft client that supports MBSA 2.0. If your organization uses ManageSoft clients that are pre-7.2, you will need MBSA 1.2 installed.
  • Your organization has not yet rolled out the ManageSoft MBSA 2.0 plug-in package for compatible clients. If your organization uses ManageSoft clients that are 7.2.x, 7.5.x, or 7.6.x, these clients can use the ManageSoft MBSA 2.0 plug-in package to use MBSA 2.0 data for security analysis.

Why uninstall MBSA 1.2?

You may choose to uninstall MBSA 1.2 for any of the following reasons:

  • You no longer need to patch software versions that are not supported by MBSA 2.0.
  • Your ManageSoft administration server is using ManageSoft Security Manager release 7.7 or ManageSoft Security Patch Management release 7.6 and all your managed devices have release 7.7 of the ManageSoft client, or release 7.6 of the ManageSoft client with the MBSA 2.0 plug-in package installed.
  • You wish to reduce the amount of redundant information being generated and processed.
  • You wish to slightly improve client performance by not completing two MBSA scans.

After uninstalling or disabling MBSA 1.2, ManageSoft Security Manager and ManageSoft Security Patch Management 7.6 will continue to report security compliance.

Removing or not using MBSA 1.2

If none of the above conditions detailed in "Why use MBSA 1.2?" is met, you may choose to:

  • Uninstall or disable MBSA 1.2.
    This may be achieved using one of the following methods:
    • If your policy is configured to uninstall an application when it falls out of scope, you may uninstall MBSA 1.2 by removing the package from policy
    • Create an uninstall package that uninstalls the MBSA 1.2 package
    • Configure the following registry keys on your managed device to prevent MBSA 1.2 from running as part of a security policy or security analysis event: 
      a) HKLM\SOFTWARE\ManageSoft Corp\ManageSoft\Launcher\CurrentVersion\MBSACmdLine = ""
      b) HKLM\SOFTWARE\ManageSoft Corp\ManageSoft\Launcher\CurrentVersion\AnalyseMSSECURE ="False" 
      c) HKLM\SOFTWARE\ManageSoft Corp\ManageSoft\Tracker\CurrentVersion\AnalyseMSSECURE ="False"
  • Install MBSA 2.0.
  • Install the standalone package for the Microsoft Enterprise Scan Tools. Please refer to the ManageSoft KB article M100690 - Obtaining the latest version of Microsoft Enterprise ScanTools for use with ManageSoft Security Patch Management 7.6 onwards.

    This package will allow your organization to scan for updates to software versions that are not supported by MBSA 2.0 yet and should be installed as part of your security patch management strategy. Please see Microsoft KB article 895660 for details about products that are only covered by the Microsoft Enterprise Scan Tools.

Install the standalone package for the Microsoft Office Update Inventory Tool. Please refer to ManageSoft KB article M100719 - Obtaining the version 2.2 of the Microsoft Office UpdateInventory Tool for use with ManageSoft Security Patch Management 7.2 onwards.

This package will allow your organization to report compliance and deploy patches for Microsoft Office, and is still required even though MBSA 2.0 has been deployed.

Related Document

M100690: Obtaining the latest version of Microsoft Enterprise Scan Tools

M100719: Obtaining version 2.2 of the Microsoft Office Update Inventory Tool

 

 

Comments

Powered by Zendesk