microsoft / MSRC-Microsoft-Security-Updates-API

Repo with getting started projects for the Microsoft Security Updates API (msrc.microsoft.com/update-guide)
https://msrc.microsoft.com/update-guide
MIT License

All Vulnerabilities grouped by product #39

Closed ESL482 closed 5 years ago

ESL482 commented 5 years ago

May I know how to get an HTML template which generates reports that are grouped into categories rather than by each CVE, like if I want data on all the vulnerabilities that affect a certain product and platform?

craig-martin commented 5 years ago

Hi! The API returns CVRF documents, a schema from ICASI. The mapping between CVE and Product is accomplished in CVRF using the ProductTree node. Each CVE then identifies the impacted products using the ProductID.

Here is a script snippet showing where this data is:

```powershell
### Get a CVRF document
$cvrfdoc = Get-MsrcCvrfDocument -ID '2018-Nov'

### List all the CVE IDs in the CVRF document
$cvrfdoc.Vulnerability.CVE

### Mapping of ProductID to ProductName
$cvrfdoc.ProductTree.FullProductName

### Product IDs for a Vulnerability
$cvrfdoc.Vulnerability[0].ProductStatuses.ProductID
```

The Get-MsrcCvrfAffectedSoftware function is used to create the HTML reports. It is a good example if you're looking to reuse something for a new HTML report.

ESL482 commented 5 years ago

Hi, thanks for the above. But I want to fetch data into one table: for example, under Microsoft Browsers there are multiple CVEs, and similarly for Microsoft ASP.NET there are 3 corresponding vulnerabilities (CVE-2019-0545, CVE-2019-0548, CVE-2019-0564) for Jan-2019. So I want to get data like a cumulative update for software, like given in the link https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2019

Please help to do this.

craig-martin commented 5 years ago

Challenge accepted ;-)

Here's a script sample, let me know what you think.

```powershell
### Get a CVRF document
$cvrfdoc = Get-MsrcCvrfDocument -ID '2019-Jan'

### Make a list of Remediations from the Vulnerability details
$remediations = $cvrfdoc.Vulnerability | ForEach-Object {
    $v = $_
    $v.Remediations | ForEach-Object {
        $r = $_
        $r.ProductID | ForEach-Object {
            $id = $_

            [PSCustomObject] @{
                CVE = $v.CVE
                CveTitle = $v.Title.Value
                CveDescription = $($v.Notes | Where-Object Type -EQ 2 | Select-Object -First 1 -ExpandProperty Value)
                URL = $r.URL
                SubType = $r.SubType
                FullProductName = $(
                    $cvrfdoc.ProductTree.FullProductName |
                    Where-Object { $_.ProductID -eq $id } |
                    Select-Object -ExpandProperty Value
                )
                Severity = $(
                    (
                        $v.Threats |
                        Where-Object { $_.Type -eq 3 } |
                        Where-Object { $_.ProductID -contains $id }
                    ).Description.Value
                )
            }
        } #r.ProductID
    } #v.Remediations
} #cvrfdoc.Vulnerability

### Look at the remediations in a handy grid
$remediations | Out-GridView

### Look at the remediations sorted by URL
$remediations | Sort-Object URL | Format-Table CVE, URL, FullProductName
<#
CVE           URL                                  FullProductName
---           ---                                  ---------------
CVE-2019-0546 http://aka.ms/vs/15/release/latest   Microsoft Visual Studio 2017 version 15.9
CVE-2019-0537 https://aka.ms/vs/10/release/4476698 Microsoft Visual Studio 2010 Service Pack 1
CVE-2019-0537 https://aka.ms/vs/11/release/4476755 Microsoft Visual Studio 2012 Update 5
#>

### Group remediations by CVE (how many Remediations per CVE?)
$remediations | Group-Object CVE | Format-Table Count, Name -AutoSize
<#
Count Name
----- ----
   54 CVE-2019-0538
   54 CVE-2019-0536
   22 CVE-2019-0585
   37 ADV990001
   49 CVE-2019-0541
  126 CVE-2019-0545
    2 CVE-2019-0537
#>

### Group remediations by URL (how many CVEs per Remediation?)
$remediations | Group-Object URL | Format-Table Count, Name -AutoSize
<#
Count Name
----- ----
   76 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
   80 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480960
   36 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480972
   83 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480970
   37 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480975
   58 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480962
#>

### Group remediations by Product
$remediations |
Group-Object FullProductName | ForEach-Object {
    Write-Host "`nRemediations for Product '$($PSItem.Name)'"
    Write-Host "--------------------------------------------"
    $PSItem.Group | Format-Table -AutoSize -Property CVE, Severity, URL
}
<#
Remediations for Product 'Windows 8.1 for 32-bit systems'
--------------------------------------------

CVE           Severity  URL
---           --------  ---
CVE-2019-0538 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0538 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
CVE-2019-0536 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0536 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
ADV990001     Critical  https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3173424
CVE-2019-0543 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0543 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
#>

# Group Remediations by FullProductName and output to a table
$remediations |
Format-Table -AutoSize -GroupBy FullProductName -Property CVE, Severity, URL
<#
   FullProductName: Windows 8.1 for 32-bit systems

CVE           Severity  URL
---           --------  ---
CVE-2019-0538 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0538 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
CVE-2019-0536 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0536 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
ADV990001     Critical  https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3173424
CVE-2019-0543 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0543 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
CVE-2019-0549 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480964
CVE-2019-0549 Important https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480963
#>
```

ESL482 commented 5 years ago

Hi Martin, I want cumulative data like the table below for all Microsoft Tuesday patches (Microsoft Browsers, Microsoft Office, Microsoft Exchange, Microsoft Windows Kernel, Microsoft Windows, Jet Database Engine, Microsoft ASP.NET, Visual Studio, Skype for Android). For example, for Visual Studio 2 CVEs are affected; those will be under Vulnerabilities in Security Update for Visual Studio.

1. Vulnerabilities in Security Update for Visual Studio

| CVE | Severity | Description | KB ID (if possible) |
| --- | --- | --- | --- |
| CVE-2019-0537 | High | An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file etc. | |
| CVE-2019-0546 | High | A remote code execution vulnerability exists in Visual Studio software etc. | |

Can we get data like the above using APIs?

craig-martin commented 5 years ago

Most of what you're looking for is already in the Get-MsrcVulnerabilityReportHtml function, but I see what you're after and added a couple more examples to my reply above.
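
The per-product table requested in this thread, as an added example that is not part of the original replies or of the repo's module: it collapses remediations into one row per CVE and product, takes the KB ID from the catalog URL, and HTML-encodes every value before it reaches the report. The function name `ConvertTo-ProductCveHtml`, the product IDs and the note text are assumptions; the sample object only mimics the `$cvrfdoc` fields used in the scripts above.

```powershell
# Constructed sample (made-up product IDs and note text) shaped like the $cvrfdoc fields
# used in this thread; replace with: $cvrfdoc = Get-MsrcCvrfDocument -ID '2019-Jan'
$kbUrl = 'https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB'
$threat = [PSCustomObject]@{ Type = 3; ProductID = @('P1', 'P2'); Description = [PSCustomObject]@{ Value = 'Important' } }
$cvrfdoc = [PSCustomObject]@{
    ProductTree   = [PSCustomObject]@{ FullProductName = @(
            [PSCustomObject]@{ ProductID = 'P1'; Value = 'Windows 8.1 for 32-bit systems' }
            [PSCustomObject]@{ ProductID = 'P2'; Value = 'Sample product <constructed>' }) }
    Vulnerability = @(
        [PSCustomObject]@{ CVE = 'CVE-2019-0538'; Threats = @($threat)
            Notes        = @([PSCustomObject]@{ Type = 2; Value = 'Sample text with <b>markup</b>' })
            Remediations = @(
                [PSCustomObject]@{ ProductID = @('P1', 'P2'); URL = "${kbUrl}4480964" }
                [PSCustomObject]@{ ProductID = @('P1'); URL = "${kbUrl}4480963" }) }
        [PSCustomObject]@{ CVE = 'CVE-2019-0536'; Threats = @($threat)
            Notes        = @([PSCustomObject]@{ Type = 2; Value = 'Second sample description' })
            Remediations = @([PSCustomObject]@{ ProductID = @('P1'); URL = "${kbUrl}4480964" }) })
}

function ConvertTo-ProductCveHtml {   # hypothetical helper, not a function of the module
    param([Parameter(Mandatory)] $Cvrf)
    # Build the ProductID -> name lookup once instead of filtering ProductTree per row
    $name = @{}
    $Cvrf.ProductTree.FullProductName | ForEach-Object { $name[$_.ProductID] = $_.Value }
    $rows = foreach ($v in $Cvrf.Vulnerability) {
        $desc = $v.Notes | Where-Object Type -EQ 2 | Select-Object -First 1 -ExpandProperty Value
        foreach ($id in ($v.Remediations.ProductID | Sort-Object -Unique)) {
            # Collapse all remediations for this CVE/product pair into one list of KB IDs
            $kbs = $v.Remediations | Where-Object { $_.ProductID -contains $id } |
                ForEach-Object { if ($_.URL -match 'KB\d+') { $Matches[0] } } | Sort-Object -Unique
            $sev = ($v.Threats | Where-Object { $_.Type -eq 3 -and $_.ProductID -contains $id }).Description.Value
            [PSCustomObject]@{ Product = $name[$id]; CVE = $v.CVE; Severity = $sev -join ', '; Description = $desc; KB = $kbs -join ', ' }
        }
    }
    $html = foreach ($g in ($rows | Group-Object Product | Sort-Object Name)) {
        # Every value is HTML-encoded: CVRF text is external data, so markup is shown literally
        "<h2>$([System.Net.WebUtility]::HtmlEncode($g.Name))</h2>"
        '<table><tr><th>CVE</th><th>Severity</th><th>Description</th><th>KB ID</th></tr>'
        foreach ($r in $g.Group) {
            $cells = $r.CVE, $r.Severity, $r.Description, $r.KB |
                ForEach-Object { "<td>$([System.Net.WebUtility]::HtmlEncode($_))</td>" }
            "<tr>$($cells -join '')</tr>"
        }
        '</table>'
    }
    $html -join "`n"
}

ConvertTo-ProductCveHtml -Cvrf $cvrfdoc
```

Grouping here is by `FullProductName`, the only product field shown in this thread; remediation URLs without a `KB` number, such as the `aka.ms` Visual Studio links in the output above, leave the KB ID cell empty.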