With tons of popular and widely used products, Microsoft releases frequent patch updates to its customers. Microsoft usually releases patches on every second Tuesday of the month. The following screenshot shows the Microsoft patch update site with information on the latest patch releases:

In the absence of a centralized patch management system, one can individually download and apply Microsoft patches from the portal shown in the preceding screenshot.

It is essential to know the current state of patches on the system before we plan for an update. To make this task easier, Microsoft provides a utility called Microsoft Baseline Security Analyzer (MBSA). This utility can be downloaded from https://www.microsoft.com/en-in/download/details.aspx?id=7558.

The following screenshot shows the startup screen of MBSA:

We can select the Scan a computer option and proceed to the next screen, as shown in the following screenshot. We can then either scan the local system or the remote system by specifying the remote IP address. We also have the choice to select what should be included as part of our assessment:

Upon clicking Start Scan, the MBSA starts running the assessment on a predefined target, as shown in the following screenshot:

Once the scan is complete, the MBSA presents us with a detailed findings report, as shown in the following screenshot:

Based on the findings in the report, we can then decide to work on mitigations by applying missing patches and settings.