How to Check for Missing Updates in Windows Server 2012 R2 and Windows 8.1

Posted on November 22, 2013 by Russell Smith in Security with

How can I find missing updates in Windows Server 2012 R2 and Windows 8.1?

Microsoft has updated the Baseline Security Analyzer (MBSA) to version 2.3, allowing IT administrators to scan networks for missing patches on Windows Server 2012 R2 and Windows 8.1.

While you can check for missing security updates on individual servers and PCs using Windows Update, the Microsoft Baseline Security Analyzer allows IT administrators to scan PCs and servers on a network for missing security updates, and vulnerabilities that might leave Windows exposed.

Downloading and Installing Microsoft Baseline Security Analyzer 2.3 (MBSA 2.3)

You can download Microsoft Baseline Security Analyzer 2.3 for free. The latest version adds support for Windows Server 2012 R2 and Windows 8.1, but drops support for Windows 2000. I recommend installing MBSA on a Windows 8 management PC, not on a server. Follow through the simple install procedure and then double-click the Microsoft Baseline Security Analyzer shortcut on the desktop.

Scanning Single Devices

Let’s start by scanning the computer on which MBSA is installed.

  • Under Tasks on the left of the main MBSA window, click Scan a computer.
  • On the Which computer do you want to scan? screen, the Computer name field should show the name of the current computer. Alternatively, you can chose another device or enter an IP address. In this example, I’m going to leave the current computer selected.
  • Leave all the default checks selected, and click Start Scan in the bottom right corner.

You may have noticed two options that are deselected. The Configure computers for Microsoft Update and scanning prerequisites option will update target devices with the latest Windows Update Agent (WUA) components to ensure scans are successful if required.

The Advanced Update Services options allow administrators to ensure that checks performed against computers managed by Windows Server Update Services (WSUS) return the correct results. If Scan using assigned Windows Update Services servers only is selected, devices not managed by WSUS are shown with an error message, so that unapproved security updates are not included in MBSA reports.


Viewing Reports

Once the scan has completed, you will be shown a summary of the collected information, with the option to review more details as required.

Microsoft Baseline Security Analyzer 2.3 (MBSA) report

To view existing reports from previous scans, you need to go back to the MBSA start page and click View security reports under Tasks in the left pane.

Scanning Multiple Computers

Before you can scan a remote computer, you must have access to the following services on the remote device:

  • Server service
  • Remote registry service
  • File and print sharing
  • Distributed COM (DCOM)

You must also run MBSA with an account that has local administrator permission on any remote devices being scanned.

  • Click Scan multiple computers under Tasks in the left pane of MBSA.
  • On the Which computers do you want to scan? screen, you can choose to scan all computers in a chosen domain or a defined IP address range.
  • When you have chosen the desired range, click Start Scan in the bottom right corner of MBSA.

All other scanning options are the same as for scanning a single device.


Tagged with , , ,

Register for this Webinar

Real World Solutions with Virtual Reality
Free Whitepaper Download

VR is being utilized for a surprising number of vital business functions today. In this white paper, you’ll get an overview of VR technology and see how it’s a vital part of many industries today.

Download the free whitepaper!