Contents

How to Get Latest CVE from MSRC with PowerShell

You are here:
← All Topics

Steps on how to get latest CVE from MSRC with PowerShell Module

Microsoft provides an API for programmatic access to security update details via Security Updates Guide in CVE(Common Vulnerability Reporting Format) which containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

Install MSRCSecurityUpdates PowerShell Module

Open PowerShell with Administrator Right, and

#Install Module
Install-Module MSRCSecurityUpdates -Force 
#Import Module
Import-Module MSRCSecurityUpdates

Obtain the API Key from Microsoft Security Response Center (MSRC)

Go to Microsoft Security Response Center and click on Customer Guidance – Developer API Access

get latest CVE from MSRC with PowerShell

Login with Microsoft Personal Account, like outlook.my and generate API Key follow by the instruction provided (first time only)

get latest CVE from MSRC with PowerShell

Prepare the API Key

Obtain CVE List from MSRC with the API Key generated

$API_KEY = "9e845e1f86be481eb098220xxxxxxxx"

#Set API Key
Set-MSRCApiKey -ApiKey $API_KEY -Verbose

Get Latest CVE from MSRC with PowerShell

HTML Report for all CVE based based on Month

Get all the CVE on April 2020 and export it to C:\Temp\CVE_April2020.html

#Monthly Updates 
$Month = '2020-Apr'
Get-MsrcCvrfDocument -ID $Month -Verbose | Get-MsrcSecurityBulletinHtml -Verbose | Out-File C:\Temp\CVE_April2020.html 
Invoke-Item C:\Temp\CVE_April2020.html

HTML File Generated

All CVE on April, 2020 for all Microsoft products will be displayed

HTML Report for identified CVE only

To list identified CVEs only

#Enter the CVE ID
$CVEsWanted = @(
    "CVE-2020-0784", 
    "CVE-2020-0794"
)
#Location of output HTML Report
$HTML_Report = "C:\Temp\CVE.html"

$CVRFDoc = Get-MsrcCvrfDocument -ID $Month -Verbose
$CVRFHtmlProperties = @{
    Vulnerability = $CVRFDoc.Vulnerability | Where-Object { $_.CVE -in $CVEsWanted }
    ProductTree   = $CVRFDoc.ProductTree
}
#Generate the HTML Report
Get-MsrcVulnerabilityReportHtml @CVRFHtmlProperties -Verbose | Out-File $HTML_Report
#Open the HTML Report with Broswer
Invoke-Item $HTML_Report

HTML Report Generated

Only identified CVEs are displayed

HTML Report based on Server

Prepared a CSS file for the format of HTML Report

 $Css="<style>
body {
    font-family: cursive;
    font-size: 14px;
	color: #000000;
	background: #FEFEFE;
}
#title{
	color:#000000;
	font-size: 30px;
	font-weight: bold;
	height: 50px;
    margin-left: 0px;
    padding-top: 10px;
}

#subtitle{
	font-size: 16px;
	margin-left:0px;
    padding-bottom: 10px;
}

table{
	width:100%;
	border-collapse:collapse;
}
table td, table th {
	border:1px solid #000000;
	padding:3px 7px 2px 7px;
}
table th {
	text-align:center;
	padding-top:5px;
	padding-bottom:4px;
	background-color:#000000;
color:#fff;
}
table tr.alt td {
	color:#000;
	background-color:#EAF2D3;
}
</style>"

List CVEs related to Windows Server 2016 only

# Environment Variables
$HTMLReport = "C:\Temp\HTMLReport"+(Get-date -format yyyyMMdd)+".html"
$Title = "CVE List for Windows 2016 Server on "+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year
$Header = "<div id='title'>$Title</div>$br
                <div id='subtitle'>Report generated: $(Get-Date)</div>"

$ID = Get-MsrcCvrfDocument -ID '2020-Apr'
$ServerType = "Windows Server 2016"

$ProductName = Get-MsrcCvrfAffectedSoftware -Vulnerability $id.Vulnerability -ProductTree $id.ProductTree | ? FullProductName -like $ServerType

$Report = $ProductName | Select CVE, FullProductName, Severity, Impact, KBArticle | ConvertTo-Html

ConvertTo-Html -Title $Title -Head $Header -Body "$Css $Report" | Out-File $HTMLReport

HTML Report Generated

Schedule Weekly Email Report for CVE list

  1. Create a Task Scheduler to
  • Execute C:\Script\CVE.ps1 on weekly at 9:00AM
  • Run task scheduler with administrator
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-ExecutionPolicy Bypass C:\Scripts\CVE.ps1"
$Trigger = New-ScheduledTaskTrigger -DaysOfWeek Wednesday -Weekly -At 9:00

Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "CVEs list from MSRC" -Description "CVE List" -User "Lab\administrator" -Password '[email protected][email protected]#$'

GUI Settings

  1. Create a new PowerShell Script with the content below in C:\Scripts\CVE.ps1
### Load the module
Import-Module -Name MsrcSecurityUpdates

$API_KEY = "9e845e1f86be481eb098220d41154cee"
$Month = '2020-Apr'

#Set API Key
Set-MSRCApiKey -ApiKey $API_KEY -Verbose

# Environment Variables
    $Css="<style>
body {
    font-family: cursive;
    font-size: 14px;
	color: #000000;
	background: #FEFEFE;
}
#title{
	color:#000000;
	font-size: 30px;
	font-weight: bold;
	height: 50px;
    margin-left: 0px;
    padding-top: 10px;
}

#subtitle{
	font-size: 16px;
	margin-left:0px;
    padding-bottom: 10px;
}

table{
	width:100%;
	border-collapse:collapse;
}
table td, table th {
	border:1px solid #000000;
	padding:3px 7px 2px 7px;
}
table th {
	text-align:center;
	padding-top:5px;
	padding-bottom:4px;
	background-color:#000000;
color:#fff;
}
table tr.alt td {
	color:#000;
	background-color:#EAF2D3;
}
</style>"
    $Title = "CVE List for Windows 2016 Server on "+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year
    $Header = "<div id='title'>$Title</div>$br
                <div id='subtitle'>Report generated: $(Get-Date)</div>"

    $Recipients = @("[email protected]")
    $Sender = "[email protected]"
    $SMTP_Server = "webmail.bernas.com.my"
    $Server_Type = "Windows Server 2016"

$ID = Get-MsrcCvrfDocument -ID '2020-Apr'
$ProductName = Get-MsrcCvrfAffectedSoftware -Vulnerability $id.Vulnerability -ProductTree $id.ProductTree | ? FullProductName -like $Server_Type

$Report = $ProductName | Select CVE, FullProductName, Severity, Impact, KBArticle | ConvertTo-Html
$Subject = 'CVE List '+((Get-Culture).DateTimeFormat.GetMonthName((Get-Date).Month))+" "+(Get-Date).year

Send-MailMessage -To $recipients -From $Sender -Subject $Subject -Body "$Css $Header $Report" -SmtpServer $SMTP_Server -bodyasHTML 

An Email with list of CVE Lists will be delivered to our inbox weekly at 9:00AM

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top