microsoft / MSRC-Microsoft-Security-Updates-API

Repo with getting started projects for the Microsoft Security Updates API (msrc.microsoft.com/update-guide)
https://msrc.microsoft.com/update-guide
MIT License

Known Issues in results #73

Open tcox8 opened 4 years ago

tcox8 commented 4 years ago

I would like to request that the known issues and workarounds be returned in the results. I think adding this will give the ability to create reports for updates that have known issues and their workarounds.

I'm looking for the information similar to what is here under Symptom and Workaround: https://support.microsoft.com/en-us/office/november-10-2020%E2%80%94kb4586786-os-builds-18362-1198-and-18363-1198-b23de123-6684-df68-750d-b2dc5ab51041

p0w3rsh3ll commented 4 years ago

Hello,

Nice request and idea.

Currently, known issues have their dedicated page each month. Ex: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov

We can also see in the recent blog post https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/ that a known issue column can be added. As far as I know, the PowerShell module doesn't use and display it when the bulletins are created using the Get-MsrcVulnerabilityReportHtml function. I'll have a look at how it can be added. If it can, I agree that it's relevant information that needs to be displayed.

If you use this PowerShell module to create the html Bulletin, you can already find a Workaround section in every CVE. Workarounds appear in the html bulletin since the beginning.

p0w3rsh3ll commented 4 years ago

@tcox8 Hey, I've added the 'known issue' info to 2 functions. Can you have a look and test it? Currently, you need to download the module from GitHub and not the PowerShell Gallery. The changes related to the "known issues" are in module version 1.8.6 on GitHub (compared to 1.8.5 on the PSGallery).

tcox8 commented 4 years ago

@p0w3rsh3ll I removed version 1.8.5. I had to go into each file and unblock it before I could import the 1.8.6 module. I am now however receiving the error "Cannot retrieve the dynamic parameters for the cmdlet. Unable to get online the list of CVRF ID". I'm sure it's something I've done wrong, but can you think of what may be causing that?

Here is what I am running: $cvrfDoc = Get-MsrcCvrfDocument -ID '2020-Nov'

tcox8 commented 4 years ago

I removed the 1.8.6 module and reinstalled 1.8.5. The problem now exists with version 1.8.5 as well?!?

p0w3rsh3ll commented 4 years ago

> Here is what I am running: $cvrfDoc = Get-MsrcCvrfDocument -ID '2020-Nov'

You first need to use your API key and the cmdlet:

Set-MSRCApiKey -ApiKey "<your API key>" -Verbose

You can have a look at this page on this GH repo that shows how to use the module.

> I had to go into each file and unblock it before I could import the 1.8.6 module.

To be able to unblock files, you can also use built-in PowerShell cmdlets. I usually do

dir ~/Downloads/location-where-zip-is-extracted/* -inc * -rec -for -ea 0 | Unblock-File -Verbose

tcox8 commented 4 years ago

To clarify, I did set the API key using Set-MSRCApiKey first.

> dir ~/Downloads/location-where-zip-is-extracted/* -inc * -rec -for -ea 0 | Unblock-File -Verbose

Thanks!

p0w3rsh3ll commented 4 years ago

Ok, if you had an error some hours ago, it looks like there was a backend/server issue. Have a look at issue #75 api.msrc.microsoft.com returns Internal Server Error. With your API key set, is it now working? I'm using something like this:

Set-MSRCApiKey -ApiKey "<your API key>" -Verbose
$monthOfInterest = '2020-Nov'
$Output_Location = "C:\your\path\Bulletin-$($monthOfInterest).html"
$CVRFDoc = Get-MsrcCvrfDocument -ID $monthOfInterest -Verbose
$CVRFDoc | Get-MsrcVulnerabilityReportHtml -Verbose |
Out-File -FilePath $Output_Location -Encoding utf8

You'll find a known issues column added in the html file. Let's have a look at CVE-2020-16979 (about SharePoint) or CVE-2020-16997 (about Remote Desktop). I used these two vulnerabilities to create the known issues column + the page that references known issues this month

tcox8 commented 4 years ago

Unfortunately, I'm still getting the error.

[Screenshot: msrcSecurityUpdates_ERROR]

p0w3rsh3ll commented 4 years ago

Ok, I see. The problem is that there's a typo in the 2nd command when you define the month of interest variable. There's an extra 'e'. When you use the 4th command, the variable with the correct spelling is empty and you get an error.

tcox8 commented 4 years ago

Good catch! I removed the variable and still receive the error. P.S. thanks for your support on this!

p0w3rsh3ll commented 4 years ago

I had a look at the cmdlet, the dynamic parameter block and what it does. It uses the defined API key to call a private function, Get-CVRFID. If the call to this function in the dynamic parameter block fails, it throws the error you've seen: 'Unable to get online the list of CVRF ID'. The function Get-CVRFID makes a call to the API online and does something like:

$HT = @{
 Api-Key = $global:MSRCApiKey
 uri = '{0}/Updates?{1}' -f $global:msrcApiUrl,$global:msrcApiVersion
 Headers = @{ 'Accept' = 'application/json'}
}
(Invoke-RestMethod @HT).Value

In your case, it should fail and say something different. You can try it by copy/paste in the same console where you defined your API key with Set-MSRCApiKey. Can you please post the error?

tcox8 commented 4 years ago

I had to change it up a bit to get this to work. It didn't like the Api-Key (with or without quotes) being set. Instead I added it to the headers as shown below:

$HT.Headers.Add('Api-Key',$global:MSRCApiKey)

tcox8 commented 4 years ago

Well...that error was obvious. I figured it out. I have been using the wrong API key (from a previous project). I am such an idiot. I am sorry for wasting your time! I will test out the known issues and report back.

p0w3rsh3ll commented 4 years ago

Troubleshooting is never a waste of time. I'll try to modify the error message so that anyone can immediately know why it fails. I concur after seeing the error message, it's obvious that there's a problem with the api key.
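
An added example (not the module's own code) of the request discussed above, with the key sent in the `Api-Key` header and each failure mode reported separately, so a rejected key is not mistaken for a backend outage like the one in issue #75. `Test-MsrcApiKey` is a hypothetical helper name, and treating HTTP 401/403 as "key rejected" is an assumption about how the API responds.

```powershell
# Added example. $global:MSRCApiKey, $global:msrcApiUrl and $global:msrcApiVersion
# are the module variables named in the thread; Set-MSRCApiKey must have run first.
function Test-MsrcApiKey {   # hypothetical helper, not part of the module
    [CmdletBinding()]
    param()

    if ([string]::IsNullOrWhiteSpace($global:MSRCApiKey)) {
        throw 'No API key is set in this session. Run Set-MSRCApiKey first.'
    }

    $request = @{
        Uri         = '{0}/Updates?{1}' -f $global:msrcApiUrl, $global:msrcApiVersion
        Headers     = @{
            'Accept'  = 'application/json'
            'Api-Key' = $global:MSRCApiKey   # a request header, not a cmdlet parameter
        }
        ErrorAction = 'Stop'
    }

    try {
        $ids = (Invoke-RestMethod @request).Value
        Write-Verbose ('API key accepted, {0} CVRF IDs returned.' -f @($ids).Count)
        return $true
    }
    catch {
        # Windows PowerShell 5.1 (WebException) and PowerShell 7
        # (HttpResponseException) both expose Response.StatusCode.
        $response = $_.Exception.Response
        $status   = if ($response) { [int]$response.StatusCode } else { 0 }

        # The key itself is never written to the message or the log.
        if ($status -in 401, 403) {
            # Assumption: a wrong or stale key is answered with 401 or 403.
            Write-Warning ('HTTP {0}: the API rejected the key. Check that it is the key issued for this API.' -f $status)
        }
        elseif ($status -ge 500) {
            Write-Warning ('HTTP {0}: server-side failure. The key may be fine; retry later.' -f $status)
        }
        elseif ($status -eq 0) {
            Write-Warning ('No HTTP response (DNS, proxy or TLS problem): {0}' -f $_.Exception.Message)
        }
        else {
            Write-Warning ('HTTP {0}: {1}' -f $status, $_.Exception.Message)
        }
        return $false
    }
}
```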

tcox8 commented 4 years ago

Everything appears to be working well and looks great. Is there an option to list only updates WITH known issues? My end goal is to create a monthly document for my SysAdmins to see which updates are installing that month. And a separate document for updates that have known issues that need to be vetted before the install. I hope that makes sense.

p0w3rsh3ll commented 4 years ago

> Everything appears to be working well and looks great. Is there an option to list only updates WITH known issues? My end goal is to create a monthly document for my SysAdmins to see which updates are installing that month. And a separate document for updates that have known issues that need to be vetted before the install. I hope that makes sense.

Yes, it makes sense. Maybe you can use the results of these commands to achieve your goal:

$cvrfDocument = Get-MsrcCvrfDocument -ID 2020-Nov
$cvrfDocument | Get-MsrcCvrfAffectedSoftware | ? {-not($_.'Known Issue') } | ogv
$cvrfDocument | Get-MsrcCvrfAffectedSoftware | ? {($_.'Known Issue') } | ogv
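
An added example (not from the thread or the module) that turns the two filters above into the two monthly files described in the request, using a single API call. `Export-MsrcKnownIssueSplit` and the output file names are hypothetical; it assumes a module version that exposes the 'Known Issue' property (1.8.6 on GitHub per this thread) and that the API key is already set.

```powershell
# Added example: Export-MsrcKnownIssueSplit is a hypothetical helper, not a module cmdlet.
function Export-MsrcKnownIssueSplit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Month,           # e.g. '2020-Nov'
        [Parameter(Mandatory)][string]$OutputDirectory   # must already exist
    )

    # One API call; @() guards against a null or single-object result.
    $affected = @(Get-MsrcCvrfDocument -ID $Month | Get-MsrcCvrfAffectedSoftware)

    # 'Split' returns two collections: rows that pass the filter, then the rest.
    $withIssues, $withoutIssues = $affected.Where({ $_.'Known Issue' }, 'Split')

    $targets = @{
        "KnownIssues-$Month.json"   = $withIssues     # vet these before install
        "NoKnownIssues-$Month.json" = $withoutIssues
    }
    foreach ($name in $targets.Keys) {
        $path = Join-Path -Path $OutputDirectory -ChildPath $name
        # JSON keeps nested fields that a CSV export would flatten to type names.
        ConvertTo-Json -InputObject @($targets[$name]) -Depth 4 |
            Set-Content -Path $path -Encoding utf8
    }

    # Summary object so a scheduled job can log or alert on the counts.
    [pscustomobject]@{
        Month         = $Month
        WithIssues    = $withIssues.Count
        WithoutIssues = $withoutIssues.Count
    }
}
```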