From b4bbcfefa942343ea8f11d5621a5e85d588f7edd Mon Sep 17 00:00:00 2001
From: dstrome
Date: Wed, 13 Jan 2021 00:29:22 +0000
Subject: [PATCH 1/7] Initialize Docs repository: https://github.com/MicrosoftDocs/windows-docs-pr of branch master
---
 .openpublishing.publish.config.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 3e1c1d1d11..f9ebdac192 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -390,7 +390,7 @@
 "elizapo@microsoft.com"
 ],
 "sync_notification_subscribers": [
- "daniha@microsoft.com"
+ "dstrome@microsoft.com"
 ],
 "branches_to_filter": [
 ""
@@ -431,9 +431,9 @@
 "template_folder": "_themes.pdf"
 }
 },
- "need_generate_pdf": false,
- "need_generate_intellisense": false,
 "docs_build_engine": {
 "name": "docfx_v3"
- }
-}
+ },
+ "need_generate_pdf": false,
+ "need_generate_intellisense": false
+}
\ No newline at end of file
From 9d726047980cc19578ad51ca1f12251d74fe0727 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Tue, 12 Jan 2021 21:47:01 -0800
Subject: [PATCH 2/7] returning MBSA topic
---
 .openpublishing.redirection.json | 5 ---
 .../mbsa-removal-and-guidance.md | 44 +++++++++++++++++++
 2 files changed, 44 insertions(+), 5 deletions(-)
 create mode 100644 windows/security/threat-protection/mbsa-removal-and-guidance.md
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index edaafad269..0cf060785e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16510,11 +16510,6 @@
 "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot",
 "redirect_document_id": true
 },
- {
- "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
- "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection",
- "redirect_document_id": true
- },
 {
 "source_path": "windows/hub/windows-10.yml",
 "redirect_url": "https://docs.microsoft.com/windows/windows-10",
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
new file mode 100644
index 0000000000..59f32f84e6
--- /dev/null
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -0,0 +1,44 @@
+---
+title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
+description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
+keywords: MBSA, security, removal
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dulcemontemayor
+ms.date: 10/05/2018
+ms.reviewer:
+manager: dansimp
+---
+
+# What is Microsoft Baseline Security Analyzer and its uses?
+
+Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive.
+
+MBSA was largely used in situations where neither Microsoft Update nor a local WSUS or Configuration Manager server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016.
+
+> [!NOTE]
+> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file.
+
+## The Solution
+A script can help you with an alternative to MBSA’s patch-compliance checking:
+
+- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script.
+For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be).
+
+For example:
+
+[![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline)
+[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be)
+
+The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
+The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers.
+
+## More Information
+
+For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit.
+
+- [Windows security baselines](windows-security-baselines.md)
+- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319)
+- [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/)
From 515a89a3428c3e4df151440f197f7bad073fb13e Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Tue, 12 Jan 2021 21:52:14 -0800
Subject: [PATCH 3/7] Update mbsa-removal-and-guidance.md
---
 .../security/threat-protection/mbsa-removal-and-guidance.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
index 59f32f84e6..24bcf88c2d 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -6,8 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
-author: dulcemontemayor
-ms.date: 10/05/2018
+author: dansimp
 ms.reviewer:
 manager: dansimp
 ---
From d5d0eea52c9b5bc15a8bb089d02194ce609faf19 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 13 Jan 2021 09:29:14 +0200
Subject: [PATCH 4/7] Update gov.md Update Windows 10 version 1803 required KB and marking as supported for GCC.
---
 .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 2942c525e6..165f8e65d7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -45,7 +45,7 @@ Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/44
 Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
-Windows 10, version 1803 | ![No](../images/svg/check-no.svg) Rolling out | ![Yes](../images/svg/check-yes.svg) With [KB4499183](https://support.microsoft.com/help/4499183)
+Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade
 Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![No](../images/svg/check-no.svg)
Note: Will not be supported
 Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
From 42f360182c1ec8164c1f6babeca0eee677565cf5 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 13 Jan 2021 09:45:49 +0200
Subject: [PATCH 5/7] Update gov.md Some Acrolinx fixes.
---
 .../threat-protection/microsoft-defender-atp/gov.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 165f8e65d7..58e711d459 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -46,8 +46,8 @@ Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/45
 Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
 Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
-Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade
-Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![No](../images/svg/check-no.svg)
Note: Will not be supported
+Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade
+Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![No](../images/svg/check-no.svg)
Note: Won't be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows Server 2016 | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development Windows Server 2012 R2 | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development @@ -100,7 +100,7 @@ GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter. ## Feature parity with commercial -Defender for Endpoint do not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. +Defender for Endpoint does not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of January 2021: From 6d92e929b3db2fbda09bf768a044cfde76468b19 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 09:56:09 +0200 Subject: [PATCH 6/7] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 58e711d459..488bdb73d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md 
@@ -100,7 +100,7 @@ GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter. ## Feature parity with commercial -Defender for Endpoint does not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. +Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of January 2021: From c35d9dc74070e02efc8a0dc1fe5b15e587b26f38 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 12:22:17 +0200 Subject: [PATCH 7/7] Update gov.md --- .../threat-protection/microsoft-defender-atp/gov.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 488bdb73d9..6f872b82ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md 
@@ -40,12 +40,12 @@ The following OS versions are supported: OS version | GCC | GCC High :---|:---|:--- -Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4490481)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4490481)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![No](../images/svg/check-no.svg)
Note: Won't be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)