(1) Follow the instructions on Microsoft website on how to download offline copies of MUAuth.cab, WUA (see below), WSUSSCN2.cab and WUREDIST.cab (click to download). You need all 4 to fix the stupid error "cannot load security CAB file".
(2) run the MBSA, then press abort. This will create the offline folder under C:\documents and settings\(local username)\Local settings\application data\microsoft\mbsa [for windows 2003] or %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache [for windows 2008 and up]. Do not create the folder yourself.
(3) Put in the 4 cab files into the folder.
(4) Make sure that the following options are not selected, and then click
Start scan.
- Check for Windows administrative vulnerabilities
- Check for weak passwords
- Check for IIS administrative vulnerabilities
- Check for SQL administrative vulnerabilities
Error # 1: "Computer has an older version of the client and security database demands a newer version. Current version is and minimum required version is ..."
This was a solution I read: the checkbox in the MBSA interface titled, "Configure computers for Microsoft Update and scanning prerequisites" needs to be checked for MBSA to automatically update the Windows Update Agent on the target machine (even if it's the local machine).
How I resolved? I used wsuoffline and updated everything. Then run the MBSA again.
Personally I feel that WSUS Offline and MBSA are a solid pairing. WSUS Offline will help to expedite patch deployment on offline machines (as a Germanophile, I am delighted to say that this is a german-made freeware. I think the only German-made software I hate is SAP). MBSA will help to check for missing patches. The WSUS Offline is not fool-proof. You can keep running the software from the DVD after you burn the ISO but it doesn't patch completely sometimes. The best remedy is to copy the entire disc contents to the local drive, and run it for a more complete job.
Note: you only have to download MBSA once (unless there is a new version) but you should download and replace the wsusscn2 every month for the scan.
To download the 4:
How I resolved? I used wsuoffline and updated everything. Then run the MBSA again.
Personally I feel that WSUS Offline and MBSA are a solid pairing. WSUS Offline will help to expedite patch deployment on offline machines (as a Germanophile, I am delighted to say that this is a german-made freeware. I think the only German-made software I hate is SAP). MBSA will help to check for missing patches. The WSUS Offline is not fool-proof. You can keep running the software from the DVD after you burn the ISO but it doesn't patch completely sometimes. The best remedy is to copy the entire disc contents to the local drive, and run it for a more complete job.
Note: you only have to download MBSA once (unless there is a new version) but you should download and replace the wsusscn2 every month for the scan.
To download the 4:
- Offline catalog (Wsusscn2.cab). This is the offline catalog file. Download it from http://go.microsoft.com/fwlink/?LinkId=76054. You need to download this every month.
- Authentication file (Muauth.cab). This authentication file allows the remote WUA client to respond to MBSA. Download it from http://go.microsoft.com/fwlink/?LinkId=90994.
- WUA standalone installer. If needed, the WUA
client on the target computer will be updated to the latest version. To
make these files available for offline use, download the appropriate (or
both) standalone installers from the following locations:
http://go.microsoft.com/fwlink/?LinkId=90992 (for x86 installer)
http://go.microsoft.com/fwlink/?LinkId=90993 (for x64 installer)
No comments:
Post a Comment