To easily assess the security state of Windows machines, Microsoft offers free Microsoft Baseline Security Analyzer scan tool. MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. "MBSA runs on Windows Server 2008 R2, Windows 7, Server 2008, Vista, Server 2003, XP and Windows 2000 systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies. MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, IIS 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, IE 5.01 and later, and Office 2000, 2002 and 2003 only."
To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA willn't scan or report missing non-security updates, tools or drivers.
More Info: Download