An example of a VA might be that permissions for one of the directories in the /www/root folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.

Security update assessment is provided by an integrated version of Shavlik's HFNetChk 3.8 scan tool.

MBSA 2.0.1 was released to support the revised Windows Update (WU) offline scan file (WSUSSCN2.CAB).

MBSA 2.1 added Vista and Windows Server 2008 support, a new Vista-styled GUI interface, support for the latest Windows Update Agent (3.0), a new Remote Directory (/rd) feature and extended the VA checks to x64 platforms.

In the August 2012 Security Bulletin Webcast Q&A on Technet it was announced that "The current version of MBSA (2.2) will not support Windows 8 and Microsoft currently has no plans to release an updated version of the tool.