Help with MBSA Results


  • Hello,

    I just ran a scan of a Windows Server 2008 SP2 Machine with SQL Server 2008 and I have some questions on the results. Through searching the forum I found previous answers but since the posts were at least five months old I want to make sure that what I found is still the case. 

    The first error I found was:

    CmdExec role

    Error reading registry. If you are scanning a remote computer the Remote Registry service on that computer should be enabled. (13)

    Is this still a bug that is yet to be fixed?

    The next error I found was:

    [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied errors.

    Is it true that SQL Server 2008 is not supported by the Vulnerability Assessment checks? If not, is there a tool that can better server SQL Server 2008 users?

    Finally, the last error I found was:

    Permissions on the SQL Server and/or MSDE installation folders are not set properly

    Again, is this related to SQL 2008 not being supported by the VA checks? The accounts listed seem to be part of the system and removing them seems to have the ability to cause harm.

    Thank you for your time,


    21 februarie 2012 23:24


  • Thanks for posting in the MBSA forums.

    Yes - these errors could be false positives since the hard-coded vulnerability assessment (VA) checks are out-of-date and do not support SQL Server 2008.  The Security Update checks are dynamic and and use the always-up-to-date WIndows Update agent to perform security scans - so these are always accurate.  BUt the VA checks are old and aren't reliable past the Windows 7 (client) and WIndows Server 2003 (server) era.

    Doug Neal - Microsoft Update and MBSA

    22 februarie 2012 05:11