With the MBSA 1.0 it was relatively simple to use inside corporate firewalls, you just had to get a single file from Microsoft and you were away. As I discovered just recently, things are a little more difficult in MBSA 2.0.

Firstly MBSA 2.0 uses the new Windows Update Agent(WUA) API which is described by Microsoft as “a set of COM interfaces that enable system administrators and programmers to access Windows Update and Windows Server Update Services (WSUS).” The WUA is typically installed by going to Windows Update or turning on Automatic Updates but since this may not be possible in a testing or development environment here is what you need to do:

1. Go to Updating the Windows Update Agent
2. Click on the link to download wuredist.cab (http://update.microsoft.com/redist/wuredist.cab)
3. Extract the XML file from wuredist.cab
4. Open the XML. (The XML file contains a list of node that store the latest version information and download link for WUA.)
5. Find the architecture node that machines your platform and copy the downloadUrl entry. (For most people that will be x86)
6. Paste into a browser and download the file.
7. Also look at the MUAuthCab entry and copy the url into a browser and download the file.
8. Place these two files into %USERPROFILE%\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache

Now go ahead and get the latest version of MBSA 2.0 from Microsoft and install it (http://www.microsoft.com/technet/security/tools/mbsahome.mspx)

The final step is to download a file called wsusscan.cab into %USERPROFILE%\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache. wsusscan.cab can be obtained from here.

Now you can fire up MBSA 2.0 and scan to your hearts content. As a word of warning, make sure you update wsusscan.cab on a daily basis so that you have the most up-to-date patch information at hand.