on your own for microsoft update monthly reports that look decent

A few months ago Microsoft changed how they tell us about product updates. Rather than getting neat little bulletins and MS18-001 style summaries, we now have to pull our own information from their repository. For most of us, this is annoying, since a month with 12 “updates” which themselves package an average of 6 actual updates for 5 affected products (30 actual patches per update, for example) used to still be one single “MS18-001 Description” entry in our ledgers. Now things are dirtier and more annoying (change!).

But not all is bad. Now, enterprising persons can craft their own method and format for pulling monthly information out of the repository. One example is this code snippet, which is simple enough to post here for illustration purposes and was taken from GitHub user JohnLaTwC:

## Uploaded by @JohnLaTwC
## Miss security bulletins?  Create them yourself in a few lines of PowerShell:

## First, get an API key to the MSRC Portal API
## Sign in here: https://portal.msrc.microsoft.com/en-us/developer, click on the Developer tab, then click the Show button on the API key.

## Install the MSRC PowerShell cmdlets, Run in an Admin PowerShell:
## Install-Module -Name MSRCSecurityUpdates -force

## In a normal user PowerShell:
Import-Module MSRCSecurityUpdates -Verbose:$false
Set-MSRCApiKey -ApiKey "your-api-key" 
$timeperiod = Get-Date -Format yyyy-MMM
# Older style report
#$fname = 'MSRCSecurityUpdates' + $timeperiod + '.html'
#Get-MsrcCvrfDocument -ID $timeperiod | Get-MsrcSecurityBulletinHtml | Out-File $fname
#Invoke-Item $fname 
# Newer style report
$fname_cve = 'MSRC_CVEs' + $timeperiod + '.html'
Get-MsrcCvrfDocument -ID $timeperiod | Get-MsrcVulnerabilityReportHtml | Out-File $fname_cve
Invoke-Item $fname_cve

This looks super simple, and it is, but that’s because the heavy lifting is in the prerequisites listed in the comments at the top of this code block: you need to get an API key and install the MSRC PowerShell cmdlets. OK, that’s not really heavy, but there are options for decent-looking reports without spending a ton of time.

In a previous life, every month I would compile information about the monthly Microsoft patches. For general information, I would include the MS designation, name, description/details with context for my business, URL, and applicable KBs listed out.

I then also added a few contextual points by pulling in CVSS scores, exploitability index, MS severity, impact, and whether the details are publicly known into the same pane. I also added in the scoring for a few other key vendors/services for further context and our own personal resultant criticality.

The above report actually poops out almost all of this information. It’s not crazy pretty, but it’s not as bad as exporting directly from the repository. And it does give me much of what I had before, all told.
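To get the ledger fields listed above as sortable rows instead of HTML, the CVRF document can be flattened to one row per CVE. This is an added example, not JohnLaTwC's code or part of the MSRC module: `ConvertTo-PatchLedgerRow` is a hypothetical helper, and the sample data and the assumed document layout are constructed for illustration.

```powershell
# Constructed sample shaped like the parsed CVRF document (assumed: Threats Type 0 = impact,
# 1 = exploit status, 3 = severity; Remediations Type 2 = vendor fix). Ids are placeholders.
$sample = @'
{ "Vulnerability": [
  { "CVE": "CVE-0000-0001", "Title": { "Value": "Example information disclosure" },
    "Threats": [ { "Type": 0, "Description": { "Value": "Information Disclosure" } },
                 { "Type": 3, "Description": { "Value": "Important" } } ],
    "CVSSScoreSets": [],
    "Remediations": [ { "Type": 2, "Description": { "Value": "0000001" } } ] },
  { "CVE": "CVE-0000-0002", "Title": { "Value": "Example remote code execution" },
    "Threats": [ { "Type": 0, "Description": { "Value": "Remote Code Execution" } },
                 { "Type": 1, "Description": { "Value": "Publicly Disclosed:Yes;Exploited:No;DOS:N/A" } },
                 { "Type": 3, "Description": { "Value": "Critical" } } ],
    "CVSSScoreSets": [ { "BaseScore": 8.8 }, { "BaseScore": 7.5 } ],
    "Remediations": [ { "Type": 2, "Description": { "Value": "0000002" } },
                      { "Type": 2, "Description": { "Value": "Release Notes" } } ] } ] }
'@ | ConvertFrom-Json

function ConvertTo-PatchLedgerRow {   # hypothetical helper, not part of the MSRC module
    param($CvrfDocument)
    foreach ($v in $CvrfDocument.Vulnerability) {
        $byType = { param($t) @($v.Threats | Where-Object Type -eq $t |
                    ForEach-Object { $_.Description.Value } | Select-Object -Unique) }
        # Exploit status is one "Key:Value;Key:Value" string; split it into a lookup table.
        $status = @{}
        foreach ($pair in ("$(& $byType 1)" -split ';')) {
            $k, $val = $pair -split ':', 2
            if ($val) { $status[$k.Trim()] = $val.Trim() }
        }
        [pscustomobject]@{
            CVE               = $v.CVE
            Title             = $v.Title.Value
            Severity          = (& $byType 3) -join ', '
            Impact            = (& $byType 0) -join ', '
            MaxCvss           = $v.CVSSScoreSets.BaseScore | Sort-Object -Descending | Select-Object -First 1
            PubliclyDisclosed = $status['Publicly Disclosed']
            Exploited         = $status['Exploited']
            # Keep numeric KB ids only; vendor-fix entries can also carry free text.
            KBs               = @($v.Remediations | Where-Object Type -eq 2 |
                                ForEach-Object { $_.Description.Value } |
                                Where-Object { $_ -match '^\d+$' } | Select-Object -Unique) -join ', '
        }
    }
}

$hot = { $_.Exploited -eq 'Yes' -or $_.PubliclyDisclosed -eq 'Yes' }   # disclosed or exploited sorts first
ConvertTo-PatchLedgerRow $sample |
    Sort-Object @{ Expression = $hot; Descending = $true }, @{ Expression = 'MaxCvss'; Descending = $true } |
    Format-Table -AutoSize
```

For a real month, pass the output of `Get-MsrcCvrfDocument -ID $timeperiod` in place of `$sample`, and swap `Format-Table` for `Export-Csv -NoTypeInformation` to feed a spreadsheet.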
