Patching and Scanning Tools Use Common Platform

Disparate software patching technologies are coming together into a unified patch-scanning and distribution platform from Microsoft. Specifically, the Windows Update Agent (WUA) provides a common patch-scanning engine, and the Microsoft Update (MU) Web service provides a single point for locating applicable patches. This common platform allows all Microsoft’s patch detection tools to provide better and more consistent results. However, the new infrastructure currently supports only a small subset of Microsoft products.

In July 2005, Microsoft updated the Microsoft Baseline Security Analyzer (MBSA) 2.0 to support the new platform, and in Aug. 2005, it released the Systems Management Server (SMS) 2003 Inventory Tool for Microsoft Update (ITMU) to allow SMS to use the new scanning platform.

Unification Key

Previous Microsoft patch-scanning tools, such as Windows Update client, Office Update client, MBSA, and SMS 2003, used their own scanning engines to detect whether critical patches were present on a system. These tools did not always provide complete and consistent results because different Microsoft products used completely different patching technologies (at one time as many as eight separate update engines), and some of these engines did not leave any trace that a file had been patched. In addition, many tools used different patch data files to provide the detection engine with information, such as the latest file version and size, necessary to detect patches. Keeping this patch-detection data accurate across all the tools was difficult. In addition, because it was so hard to update some tools in a timely manner, the Microsoft Security Response Center (MSRC) was forced to release patch-specific Enterprise Update Scan Tools (EST) to detect some critical patches.