How does MBSA collect it's data?

Giganews Newsgroups
Subject: How does MBSA collect it's data?
Posted by:  Hasse (Has…
Date: Tue, 4 Sep 2007


I got the task of resolving why some patches aren't visible as installed by
MBSA. In my organisation patching is done eother on the client OR at the
installaion point, (read Office 2003). Now when the installation point is
patched there are, of course, no record of this patch being installed in
either ARP or the registry. MBSA doesn't report the patch being installed and
as a result the machine is deemed unsafe. My suspicion is that MBSA reads the
registry to determine what patches are installed. Can anyone confirm if this
is the case or if not, what does MBSA collect it's data? If it would read the
actual file versions of the computer everything would be OK but that seems
not to be the case.