ZDI, a.k.a ZeroDayInitiative, has a nice chart about updates published by the MSRC
I wondered how I could get the same in a grid view with PowerShell…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Module MsrcSecurityUpdates | |
| (Get-MSRCCvrfDocument –ID "$((Get-Date).ToString('yyyy-MMM',[System.Globalization.CultureInfo]'en-US'))").Vulnerability | | |
| Foreach-Object { | |
| $v = $_ | |
| $Disclosed = $Exploited = $null | |
| $Disclosed = ([regex]'Publicly\sDisclosed:(?<D>(Yes|No));').Match("$(($v.Threats | Where-Object { $_.Type -eq 1}).Description.Value)") | | |
| Select-Object –ExpandProperty Groups| Select-Object –Last 1 –ExpandProperty Value | |
| $Exploited = ([regex]'Exploited:(?<E>(Yes|No));').Match("$(($v.Threats | Where-Object { $_.Type -eq 1}).Description.Value)") | | |
| Select-Object –ExpandProperty Groups| Select-Object –Last 1 –ExpandProperty Value | |
| [PSCustomObject]@{ | |
| CVEID = $v.CVE | |
| Tag = $($v.Notes | Where-Object { $_.Type -eq 7}).Value | |
| CNA = $($v.Notes | Where-Object {$_.Type -eq 8}).Value | |
| Title = $v.Title.Value | |
| Date = $($v.RevisionHistory | Select-Object –First 1 –ExpandProperty Date) | |
| Revision = $($v.RevisionHistory | Select-Object –First 1 –ExpandProperty Number) | |
| Severity = $( ($v.Threats | Where-Object { $_.Type -eq 3 }).Description | Select-Object –ExpandProperty Value –ErrorAction SilentlyContinue | Sort-Object –Unique) | |
| CVSS = '{0:N1}' -f $($v.CVSSScoreSets.BaseScore | Sort-Object –Unique | ForEach-Object { [double]$_} | Sort-Object –Descending | Select-Object –First 1) | |
| Public = $Disclosed | |
| Exploited = $Exploited | |
| Type = $( ($v.Threats | Where-Object { $_.Type -eq 0 }).Description | Select-Object –ExpandProperty Value –ErrorAction SilentlyContinue | Sort-Object –Unique) | |
| } | |
| } | | |
| Select-Object –Property CVEID,Title,Severity,CVSS,Public,Exploited,Type | | |
| Out-GridView |
Here’s what the result looks like for February 2022:
Advertisement
>_ 
Am I missing something here?
Import-Module: The specified module ‘MsrcSecurityUpdates’ was not loaded because no valid module file was found in any module directory.
You’ll need to install the module if not present.
Or you can download it and just load the module manually.
The module is here: https://www.powershellgallery.com/packages/MsrcSecurityUpdates
Thank you for this script. Is it possible to get the security updates for the day of Patch Tuesday only? Or does it get all updates for the month?
Yes, it’s possible.
The initial Get-MSRCCvrfDocument gets the updates of the current month.
All you need to do is the following:
– Add Date in the properties at line 28
– Add a filter at line 27 using a Where-Object
See for example https://gist.github.com/p0w3rsh3ll/12145c5a8278a18dc9160962c2198006
Is there a way to add the Release Date to the output? Microsoft’s site has this option because sometimes they reissue a patch. It would be helpful to see this added to the script. Thank you!
Yes, this what the code in the above gist does.
I am wondering why CVE-2021-26414 was not pulled into the report. This CVE was originally published a year ago but it was re-issued on June Patch Tuesday.
If it were possible to get these added to the report, it would be helpful to see these revisions with the original release date.
These were the other revision increments from the last Patch Tuesday:
* CVE-2021-26414
* CVE-2022-23267
* CVE-2022-24513
* CVE-2022-24527
* CVE-2022-26832
* CVE-2022-30190
Thank you!
The reason why CVE-2021-26414 is not pulled in the report is because it’s not part of the msrc cvrf document published this month. CVE-2021-26414 is in the msrc doc from June 2021.
You’re asking about tracking revisions. This is another purpose. A new piece of code would be required.
Let me also add that it’s not been reissued (would mean that there’s a new binary).
CVE-2021-26414 has only been revised to indicate that some other binaries released in June 2022 set the enforcement:
I feel I have pushed my luck to the limit but I would be interested in a report that generates these CVE revisions particularly since quite a few of them occur on Patch Tuesday. Thank you for the explainer and for all your expertise!