Microsoft CVRF API

Question

It has come to my attention that, starting from February 9, 2021, Microsoft Security Response Center has removed registrations requirements to their CVRF API.

That could be a nice way to programmatically identify, download and apply security updates and, for example, provisioning fully patched systems.

That being the case, I was trying to identify, the latest cumulative update for a given Windows version, say 20H2, to be later downloaded from Microsoft Update Catalog, which lacks a proper API.

Currently, I can just think of parsing the call:

curl -X GET --header 'Accept: application/json' 'https://api.msrc.microsoft.com/cvrf/v2.0/cvrf/2021-Feb'          

Is there a more specific and reliable way?

Answer 1

I haven't found a straightforward way to parse the JSON output. However, this sort of works:

$product = "Windows 10"
$version = "20H2"
 
$raw = Invoke-WebRequest 'https://api.msrc.microsoft.com/cvrf/v2.0/cvrf/2021-feb' -Headers @{"accept"="application/json"}
$json = $raw.Content | ConvertFrom-Json
$search = "$product*$version*x64-based*"
$prd = $json.ProductTree.Branch[0].Items.Items | where{$_.Value -like $search}
$prdID = $prd.ProductID
($prd | Out-String) | Write-Host
$json.Vulnerability.Remediations | where{$_.ProductID -eq $prdID} |
  %{echo $_.URL} | Sort-Object | Get-Unique | Select -Last 1

Answer 2

Above code wouldn't work for me on newer platforms, but if you check if ProductID array is greater than 0 and select the 0th element, you can string compare properly. The where-object doesn't allow you to do this to my knowledge. So I put $rem in place and did nested loops of prdID and $rem inside of that. I'd paste the code but the rules to post code I can't figure out. Just PM me if any questions.