microsoft / MSRC-Microsoft-Security-Updates-API

Repo with getting started projects for the Microsoft Security Updates API (msrc.microsoft.com/update-guide)
https://msrc.microsoft.com/update-guide
MIT License

how to map product version from machine with product version in api #89

Open tma-prismo opened 3 years ago

tma-prismo commented 3 years ago

From the product ID and the product name, how do we map to the information we get from the machine? For example, for the product "SQL Server Management Studio", the API has: { "ProductID": "11784", "Value": "SQL Server Management Studio 18.6" }

"wmic product get name, version, identifyingnumber" returns {67FD1BCA-F06F-48F5-86E9-AC4EA982A775} SQL Server Management Studio 15.0.18338.0

The base product name matches, but the API seems to have a product ID and an "external" version number, while wmic has a build number and a GUID. How do we map between these?

In this case the release notes have the info, but is there a general method to do the mapping? https://docs.microsoft.com/en-us/sql/ssms/release-notes-ssms?view=sql-server-ver15

shardgupta commented 3 years ago

I am also looking for a general method to do this.

securevia1 commented 3 years ago

We also need this mapping. Can anyone suggest how to go about doing the mapping?

p0w3rsh3ll commented 3 years ago

I don't think that there's a general method to do this. Here we deal with the MSRC API, which aims at communicating what vulnerabilities are found and fixed. It uses the CVRF industry standard format. There are other products that aim at scanning your devices and telling you what updates are missing. At Microsoft, you have Windows Update (WU), Microsoft Update (MU), WSUS, MBSA. Third-party vendors also provide their own scanners and sometimes do a better job at mapping the missing updates to the CVEs that should be fixed (they also provide their own API). At Microsoft (with the proper license), there's also Microsoft Defender for Endpoint, which is able to do this matching for you. It has its own API. See this link. You'll want to explore the vulnerability part of the API. Note that this API is not limited to Microsoft products. If you have other vulnerable products installed on the device, it'll tell you what vulnerabilities are found (CVE) and what the known fix is.
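
The join discussed in this thread, as an added example that is not part of the original issue or of the project's code: wmic rows are matched to API `ProductID` values through a hand-maintained build-to-release table taken from release notes. The table, the sample inventory and all function names are assumptions; only the SSMS 18.6 / 15.0.18338.0 / 11784 values come from the issue.

```python
import re

# Constructed sample of the API product list; the first entry is the one quoted in the issue.
API_PRODUCTS = [
    {"ProductID": "11784", "Value": "SQL Server Management Studio 18.6"},
    {"ProductID": "99999", "Value": "Example Product 1.0"},  # constructed placeholder
]

# Hand-maintained table built from release notes: (base name, build) -> release.
# Only the pair shown in the issue is included; it has to be extended per product.
BUILD_TO_RELEASE = {
    ("sql server management studio", "15.0.18338.0"): "18.6",
}

# Constructed capture of the wmic output, one installed product per line.
WMIC_OUTPUT = """\
IdentifyingNumber                       Name                          Version
{67FD1BCA-F06F-48F5-86E9-AC4EA982A775}  SQL Server Management Studio  15.0.18338.0
{00000000-0000-0000-0000-000000000000}  Example Unmapped Tool         2.3.4.5
"""

# GUID in braces, then the product name, then a dotted build number at end of line.
ROW = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})\s+(.+?)\s+(\d+(?:\.\d+)+)\s*$")

def parse_wmic(text):
    """Yield (guid, name, version) for each product row; the header does not match."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), m.group(2).strip(), m.group(3)

def map_to_product_id(name, build, products=API_PRODUCTS, table=BUILD_TO_RELEASE):
    """Return the API ProductID for an installed product, or None if unmapped."""
    release = table.get((name.lower(), build))
    if release is None:
        return None  # no release-notes entry, so the build cannot be resolved
    wanted = f"{name} {release}".lower()
    for product in products:
        if product["Value"].lower() == wanted:
            return product["ProductID"]
    return None

def inventory(text=WMIC_OUTPUT):
    """Map every parsed row to (name, build, ProductID or None)."""
    return [(n, b, map_to_product_id(n, b)) for _, n, b in parse_wmic(text)]

if __name__ == "__main__":
    for name, build, pid in inventory():
        print(f"{name} {build} -> {pid or 'UNMAPPED (needs a release-notes entry)'}")
```

Rows that come back unmapped are the ones to review by hand, since a missing table entry says nothing about whether the product is affected.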