Microsoft posts PowerShell script that spawns pseudo security bulletins
- 13 May, 2017 04:48
A Microsoft manager this week offered IT administrators a way to replicate -- in a fashion -- the security bulletins the company discarded last month.
"If you want a report summarizing today's #MSRC security bulletins, here's a script that uses the MSRC Portal API," John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.
Lambert's tweet linked to code repository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.
The API lets advanced users, typically corporate security and network admins, mine the database that replaced the bulletins. Customers can manually dig information from the database using the Security Updates Guide web portal.
Before calling on the API, users must retrieve a key; they can do that from the "Developer" tab on the Security TechCenter site.
Using PowerShell and the API key, Lambert's script automatically assembled an HTML-formatted document that called out vulnerabilities by CVE (Common Vulnerabilities & Exposures, a widely used bug-identifying system) with listings of which product each flaw affected. The document also organized the bugs by Microsoft's exploitability index and collected all the vulnerabilities each version of software contained.
Some of the information once present in security bulletins, such as bug workarounds and mitigations, was missing from the document. However, those remedies can be retrieved from the database using additional PowerShell code Microsoft published on GitHub.
The script lets users select the time frame of the ensuing document; Lambert's example covered the May 9 security updates. When saved as a PDF, this month's document ran 203 pages.
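The report layout described above can be sketched offline. This is an added example, not Lambert's script or Microsoft's code: it builds the two views (CVEs by exploitability rating, CVEs per product) as an HTML fragment from constructed records whose field names, CVE placeholders and product names are assumptions, not the MSRC API schema.

```powershell
# Constructed sample records; field names are illustrative, not the MSRC API schema.
$records = @(
    [pscustomobject]@{ Cve = 'CVE-0000-0001'; Exploitability = 'Exploitation More Likely'; Products = @('Product A', 'Product B') }
    [pscustomobject]@{ Cve = 'CVE-0000-0002'; Exploitability = 'Exploitation Less Likely'; Products = @('Product B') }
    [pscustomobject]@{ Cve = 'CVE-0000-0003'; Exploitability = 'Exploitation Detected'; Products = @('Product A', 'Product C') }
    [pscustomobject]@{ Cve = 'CVE-0000-0004'; Exploitability = $null; Products = @() }
)

function Get-CveByExploitability {
    param([object[]]$Records)
    # Records with no rating are kept under 'Not rated' instead of being dropped.
    $Records |
        Group-Object { if ($_.Exploitability) { $_.Exploitability } else { 'Not rated' } } |
        ForEach-Object {
            [pscustomobject]@{ Rating = $_.Name; Cves = @($_.Group.Cve | Sort-Object) }
        }
}

function Get-CveByProduct {
    param([object[]]$Records)
    # Flatten to one (product, CVE) pair per row, then regroup by product.
    # A record with no products appears only in the exploitability view.
    $pairs = foreach ($r in $Records) {
        foreach ($p in $r.Products) { [pscustomobject]@{ Product = $p; Cve = $r.Cve } }
    }
    $pairs | Group-Object Product | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{ Product = $_.Name; Cves = @($_.Group.Cve | Sort-Object -Unique) }
    }
}

function ConvertTo-ReportSection {
    param([string]$Title, [object[]]$Rows, [string]$KeyProperty)
    # HTML-encode every value: advisory text is external data and must not inject markup.
    $enc = { param($s) [System.Net.WebUtility]::HtmlEncode([string]$s) }
    $items = foreach ($row in $Rows) {
        $cves = ($row.Cves | ForEach-Object { & $enc $_ }) -join ', '
        '<li><b>{0}</b>: {1}</li>' -f (& $enc $row.$KeyProperty), $cves
    }
    "<h2>$(& $enc $Title)</h2><ul>$($items -join '')</ul>"
}

$html = @(
    ConvertTo-ReportSection 'By exploitability' (Get-CveByExploitability $records) 'Rating'
    ConvertTo-ReportSection 'By product' (Get-CveByProduct $records) 'Product'
) -join "`n"
$html
```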
But even as Lambert pitched the script as a substitute for the defunct bulletins, others reveled in the irony.
"This gives me a great idea: Just put the summary on [Microsoft's] web page. Seemed to work alright the last 15 years or so!" tweeted Mark Dowd, founder of Azimuth Security, in a Twitter reply.