Years ago I used the MS Baseline Security Analyzer to review vulnerabilities on my servers. MS has discontinued support of MBSA.
I have not used this new tool, but it appears that the Security Compliance Toolkit is the current preferred tool to do security analysis.