How to specify which update to scan for in MBSA

[billybarty]

Hi all:
We are using SMS 2.0 and the MBSA to scan our systems for vulnerabilities for Q828028. I scan the subnet that I want with the Microsoft Baseline Security Analyzer and it shows all the security updates that are missing for all servers. This way I have to go into every report and see if MS-007 is one of the updates that is needed. Is there any way using this tool to scan systems for one specific vulnerability so that I can see which systems need the patch? Thanks in advance

 

[ceigl]

as far as I know MBSA checks ofr installed SW on the machine and compares it to the "built-in list" of patches and then throws out everything that is missing...

Cheers,
Chris

 

[billybarty]

Thanks for the post. I was able to creat a collection that was based on a query that specifies if the Q is applicable.
Thanks

 

[opssup]

Hi

Could you possibly share this query you wrote as I am in a similar position now with the Sasser patches and am still on SMS 2.0.

Thanks in advance.

 

[billybarty]

Here you go, it only shows systems that 835732 is applicable. Just paste it into a new SMS query and base the collection membership on that query. For other patches just copy it and change the Qnumber. Hope it helps.

select SMS_R_System.Name, SMS_R_System.LastLogonUserName, SMS_R_System.OperatingSystemNameandVersion, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.IPAddresses from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_PATCHSTATE on SMS_G_System_PATCHSTATE.ResourceID = SMS_G_System_SYSTEM.ResourceID where SMS_G_System_PATCHSTATE.QNumbers = "835732" and SMS_G_System_PATCHSTATE.Status = "Applicable"

 

[160irs]

Will this work on SMS 2 SP4 ?
I ask cos I get a syntax error and I cannot find a PATCHSTATE.Status when building the query .

Any ideas on how to get around this.