Unified Scanning Platform

A new patch scanning platform based on the Windows Update Agent (WUA) and the Microsoft Update (MU) Web service supports a variety of security and update scanning tools. The WUA (bottom) runs on each managed computer and maintains a local copy of a database (WSUSSCAN.CAB) with information about each patch, allowing a scanner to determine whether it is applicable. Database updates, patch downloads and installation, and patch scans are initiated through an API by one of two existing client-side scanning tools:

• The Automatic Update Service, which detects missing patches available on the free Windows Server Update Services (WSUS) corporate patch distribution server, and on the free MU Web site used by consumers.
• The Microsoft Baseline Security Analyzer (MBSA) 2.0, which detects both missing patches and configuration problems that weaken security.
• The new Systems Management Server (SMS) 2003 Inventory Tool for Microsoft Update (ITMU), which allows SMS clients to use the WUA infrastructure