In this blog post, Thomas Shinder from Microsoft presented the new "Microsoft Security Guide". The article is quite interesting and well worth reading.
I was particularly taken with the last section. It says:
The Security Update Guide development API can be used to create a report in CVRF format. To use this API, click the DEVELOPER tab, and log into TechNet when prompted. From this tab, you can see code samples in a variety of scripting languages.
Now it's getting interesting. Microsoft publishes security problems and updates in the Security Guide and also offers an API directly. The best thing about it: There is even a PowerShell module that does some of the work for you. The data can also be downloaded directly in XML or JSON format via web request and processed further. All you need to access the data is a free API key.
When I read the article, I immediately thought: An e-mail as soon as Exchange updates or security vulnerabilities are published would be great...
I have therefore started to write a small script that fulfills this task. This is what it looks like so far:
The script, which can be downloaded below, is not yet perfect, but it is still in its infancy. I plan to include the script in the Exchange Reporter as well as in the Exchange Monitor. Until then, I will wait for a few CVEs to gain experience.
The PowerShell script has two prerequisites. The API key and the PowerShell module "MsrcSecurityUpdates". The API key can be downloaded free of charge from the Microsoft Security Guide can be applied for, all you need is a Microsoft account:
After logging in with a Microsoft account, the API key can be displayed directly:
Now the Powershell module MsrcSecurityUpdates can be installed. PowerShell must be started with administrator rights for the installation:
Install modules MSRCSecurityUpdates -force
In the script itself the first 7 lines have to be adapted, I think it is self-explanatory:
The script can be downloaded here:
Once the necessary adjustments have been made, a new scheduled task can be created which starts the script daily:
Currently the script still expects to be started daily. The script only notifies when new content is found for Exchange Server. There is still a lot to improve, feedback is welcome.
Hi Frank,
ich habe gerade die Microsoft Security API angefordert und im Skript eingetragen.
Der Aufruf führt allerdings leider zu folgender Fehlermeldung:
“
PS D:\ExchangeCVENotification> .\ExchangeCVENotification.ps1
Get-MsrcCvrfDocument : Das Argument für den Parameter „ID“ kann nicht überprüft werden. Das Argument „2019-Aug“ gehört
nicht zu dem vom ValidateSet-Attribut angegebenen Satz „2016-Apr,2016-Aug,2016-Dec,2016-Jul,2016-Jun,2016-May,2016-Nov,
2016-Oct,2016-Sep,2017-Apr,2017-Aug,2017-Dec,2017-Feb,2017-Jan,2017-Jul,2017-Jun,2017-Mar,2017-May,2017-May-B,2017-Nov,
2017-Oct,2017-Sep,2018-Apr,2018-Aug,2018-Dec,2018-FEB,2018-Jan,2018-Jul,2018-Jun,2018-Mar,2018-May,2018-Nov,2018-Oct,20
18-Sep,2019-Apr,2019-Feb,2019-Jan,2019-Jul,2019-Jun,2019-Mar,2019-May“. Geben Sie ein Argument an, das in dem Satz
enthalten ist, und führen Sie dann den Befehl erneut aus.
In D:\ExchangeCVENotification\ExchangeCVENotification.ps1:114 Zeichen:37
+ $CvrfDoc = Get-MsrcCvrfDocument -ID $monthOfInterest -ApiKey $APIKey
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-MsrcCvrfDocument], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Get-MsrcCvrfDocument
get-date : Das Eingabeobjekt kann an keine Parameter des Befehls gebunden werden, da der Befehl keine Pipelineeingaben
akzeptiert oder die Eingabe und deren Eigenschaften mit keinem der Parameter übereinstimmen, die Pipelineeingaben
akzeptieren.
In D:\ExchangeCVENotification\ExchangeCVENotification.ps1:115 Zeichen:63
+ $CvrfRelease = $CvrfDoc.DocumentTracking.CurrentReleaseDate | get-date
+ ~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Date], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.PowerShell.Commands.GetDateCommand
„
Hi Franky,
bitte nimm dich auch den aktuellen Update Problem an.
Das dürfte einige deiner followover interessieren.
„Cant start Transport service after installing March 2017 Windows Updates“
Hi Marco,
ich finde nur einen Thread zu KB4013429 auf Edge Transport Servern. Das KB4013429 wurde allerdings heute durch das KB4015438 ersetzt. Vielleicht ist das schon nicht mehr relevant? Ich habe keine Edge Transport Server im Einsatz und kann es daher auch nicht testen.
Gruß, Frank