Have a Question?
How to Get Latest CVE from MSRC with PowerShell
Steps on how to get latest CVE from MSRC with PowerShell Module
Microsoft provides an API for programmatic access to security update details via Security Updates Guide in CVE(Common Vulnerability Reporting Format) which containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.
Install MSRCSecurityUpdates PowerShell Module
Open PowerShell with Administrator Right, and
#Install Module
Install-Module MSRCSecurityUpdates -Force
#Import Module
Import-Module MSRCSecurityUpdates
Obtain the API Key from Microsoft Security Response Center (MSRC)
Go to Microsoft Security Response Center and click on Customer Guidance – Developer API Access
Login with Microsoft Personal Account, like outlook.my and generate API Key follow by the instruction provided (first time only)
Prepare the API Key
Obtain CVE List from MSRC with the API Key generated
$API_KEY = "9e845e1f86be481eb098220xxxxxxxx"
#Set API Key
Set-MSRCApiKey -ApiKey $API_KEY -Verbose
Get Latest CVE from MSRC with PowerShell
HTML Report for all CVE based based on Month
Get all the CVE on April 2020 and export it to C:\Temp\CVE_April2020.html
#Monthly Updates
$Month = '2020-Apr'
Get-MsrcCvrfDocument -ID $Month -Verbose | Get-MsrcSecurityBulletinHtml -Verbose | Out-File C:\Temp\CVE_April2020.html
Invoke-Item C:\Temp\CVE_April2020.html
HTML File Generated
All CVE on April, 2020 for all Microsoft products will be displayed
HTML Report for identified CVE only
To list identified CVEs only
#Enter the CVE ID
$CVEsWanted = @(
"CVE-2020-0784",
"CVE-2020-0794"
)
#Location of output HTML Report
$HTML_Report = "C:\Temp\CVE.html"
$CVRFDoc = Get-MsrcCvrfDocument -ID $Month -Verbose
$CVRFHtmlProperties = @{
Vulnerability = $CVRFDoc.Vulnerability | Where-Object { $_.CVE -in $CVEsWanted }
ProductTree = $CVRFDoc.ProductTree
}
#Generate the HTML Report
Get-MsrcVulnerabilityReportHtml @CVRFHtmlProperties -Verbose | Out-File $HTML_Report
#Open the HTML Report with Broswer
Invoke-Item $HTML_Report
HTML Report Generated
Only identified CVEs are displayed
HTML Report based on Server
Prepared a CSS file for the format of HTML Report
$Css="<style>
body {
font-family: cursive;
font-size: 14px;
color: #000000;
background: #FEFEFE;
}
#title{
color:#000000;
font-size: 30px;
font-weight: bold;
height: 50px;
margin-left: 0px;
padding-top: 10px;
}
#subtitle{
font-size: 16px;
margin-left:0px;
padding-bottom: 10px;
}
table{
width:100%;
border-collapse:collapse;
}
table td, table th {
border:1px solid #000000;
padding:3px 7px 2px 7px;
}
table th {
text-align:center;
padding-top:5px;
padding-bottom:4px;
background-color:#000000;
color:#fff;
}
table tr.alt td {
color:#000;
background-color:#EAF2D3;
}
</style>"
List CVEs related to Windows Server 2016 only
# Environment Variables
$HTMLReport = "C:\Temp\HTMLReport"+(Get-date -format yyyyMMdd)+".html"
$Title = "CVE List for Windows 2016 Server on "+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year
$Header = "<div id='title'>$Title</div>$br
<div id='subtitle'>Report generated: $(Get-Date)</div>"
$ID = Get-MsrcCvrfDocument -ID '2020-Apr'
$ServerType = "Windows Server 2016"
$ProductName = Get-MsrcCvrfAffectedSoftware -Vulnerability $id.Vulnerability -ProductTree $id.ProductTree | ? FullProductName -like $ServerType
$Report = $ProductName | Select CVE, FullProductName, Severity, Impact, KBArticle | ConvertTo-Html
ConvertTo-Html -Title $Title -Head $Header -Body "$Css $Report" | Out-File $HTMLReport
HTML Report Generated
Schedule Weekly Email Report for CVE list
- Create a Task Scheduler to
- Execute C:\Script\CVE.ps1 on weekly at 9:00AM
- Run task scheduler with administrator
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-ExecutionPolicy Bypass C:\Scripts\CVE.ps1"
$Trigger = New-ScheduledTaskTrigger -DaysOfWeek Wednesday -Weekly -At 9:00
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "CVEs list from MSRC" -Description "CVE List" -User "Lab\administrator" -Password 'P@ssw0rd!@#$'
GUI Settings
- Create a new PowerShell Script with the content below in C:\Scripts\CVE.ps1
### Load the module
Import-Module -Name MsrcSecurityUpdates
$API_KEY = "9e845e1f86be481eb098220d41154cee"
$Month = '2020-Apr'
#Set API Key
Set-MSRCApiKey -ApiKey $API_KEY -Verbose
# Environment Variables
$Css="<style>
body {
font-family: cursive;
font-size: 14px;
color: #000000;
background: #FEFEFE;
}
#title{
color:#000000;
font-size: 30px;
font-weight: bold;
height: 50px;
margin-left: 0px;
padding-top: 10px;
}
#subtitle{
font-size: 16px;
margin-left:0px;
padding-bottom: 10px;
}
table{
width:100%;
border-collapse:collapse;
}
table td, table th {
border:1px solid #000000;
padding:3px 7px 2px 7px;
}
table th {
text-align:center;
padding-top:5px;
padding-bottom:4px;
background-color:#000000;
color:#fff;
}
table tr.alt td {
color:#000;
background-color:#EAF2D3;
}
</style>"
$Title = "CVE List for Windows 2016 Server on "+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year
$Header = "<div id='title'>$Title</div>$br
<div id='subtitle'>Report generated: $(Get-Date)</div>"
$Recipients = @("[email protected]")
$Sender = "[email protected]"
$SMTP_Server = "webmail.bernas.com.my"
$Server_Type = "Windows Server 2016"
$ID = Get-MsrcCvrfDocument -ID '2020-Apr'
$ProductName = Get-MsrcCvrfAffectedSoftware -Vulnerability $id.Vulnerability -ProductTree $id.ProductTree | ? FullProductName -like $Server_Type
$Report = $ProductName | Select CVE, FullProductName, Severity, Impact, KBArticle | ConvertTo-Html
$Subject = 'CVE List '+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year
Send-MailMessage -To $recipients -From $Sender -Subject $Subject -Body "$Css $Header $Report" -SmtpServer $SMTP_Server -bodyasHTML
An Email with list of CVE Lists will be delivered to our inbox weekly at 9:00AM
