The MBSA reports more missing security updates when you use the SUS option on a Windows 2000, Windows Server 2003, or Windows XP-based computer (840673)

MORE INFORMATION

Microsoft Baseline Security Analyzer version 1.2 in default mode

When you run the MBSA in default mode, the MBSA downloads a Mssecure.cab file that matches the language of the computer that is being scanned and extracts a localized XML file for use in the scan. For example, if you remotely scan a Japanese Windows-based computer, MBSA will download the Japanese Mssecure.cab file that contains a localized Mssecure.xml file for use in the scan.

In default mode, the MBSA reports all the security updates that are not installed, but collapses all the updates that are outdated or superseded by more recent or cumulative updates.

Microsoft Baseline Security Analyzer version 1.2 with the SUS option

MBSA version 1.2 supports the option to scan for security updates by using a local SUS server. You can select this option in the MBSA user interface or in the MBSA command line interface. MBSA performs a scan with the SUS option by using the list of approved updates on the local SUS server, instead of by using the list of available updates that are listed in the Mssecure.xml file that is downloaded at run time.

When you run the MBSA with the SUS option, all the missing updates appear, even if they have been superseded by newer or cumulative updates. The MBSA scans your computer to determine whether all the updates that are approved by the SUS server are installed. This means that you will typically see more updates when you use a SUS server-based scan. You may not have to install all the updates that appear when you run the MBSA with the SUS option. If a security update is superseded by a later release or is part of a cumulative security update, you do not have to install the security update.