Hi everyone,
I have a bit of a daunting task before me and need some help. I am brand new to PowerShell, but I think it could gather the information I need.
On the device I am logged into, I need to get a list of Windows updates (KB article numbers) and the associated CVEs that each one fixes. For each of the KBs, I need to know what severity MS has assigned to it (Critical, High/Important, etc.) and the severity of the individual CVEs (Critical/High/Medium/Low). I need the data separated by month.
The overall goal is to be able to see how many of each severity (at a KB and CVE level) were patched on the device each month. If I can just get the data out into a CSV, I can then use some Excel magic to get the counts. The data is the part I have no idea how to get.
I am envisioning the columns to be something like:
Date | KB | KB Sev | CVE | CVE Sev
For this example data:
April 2024
KB5036609
Important
CVE-2024-21409
High
2024-04,KB5036609,Important,CVE-2024-21409,High
For this example data:
April 2024
KB5036899
Critical
CVE-2022-0001 (Medium),CVE-2024-20665 (Medium),CVE-2024-26195 (High) {There are 72 total but just for illustration only a few listed here}
2024-04,KB5036899,Critical,CVE-2022-0001,Medium
2024-04,KB5036899,Critical,CVE-2024-20665,Medium
2024-04,KB5036899,Critical,CVE-2024-26195,High
…the other 69 listed on separate rows
The script can query NIST, MS, or any reliable online source to get all the data.
This will be run on Windows 2016, 2019 and Windows 11 (for testing).
Any help would be greatly appreciated.
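
One way to build the rows described in the post, added here as an example and not part of the original post: flatten a monthly MSRC CVRF document into one row per installed KB and CVE. The JSON field names, the `Type` 3 severity marker and the endpoint in the comments follow the MSRC CVRF v3.0 API as assumed here and should be checked against a live response; `ConvertTo-PatchRow` and `Get-CvssRating` are hypothetical helper names, "KB Sev" is derived as the highest MSRC severity among the CVEs a KB fixes, and the sample data is constructed.

```powershell
# Constructed sample in the assumed shape of an MSRC CVRF monthly document.
# Scores and per-CVE MSRC severities are placeholders, not MSRC data.
$sampleJson = @'
{"Vulnerability":[
 {"CVE":"CVE-2024-21409","Threats":[{"Type":3,"Description":{"Value":"Important"}}],
  "CVSSScoreSets":[{"BaseScore":7.3}],"Remediations":[{"Description":{"Value":"5036609"}}]},
 {"CVE":"CVE-2024-20665","Threats":[{"Type":3,"Description":{"Value":"Important"}}],
  "CVSSScoreSets":[{"BaseScore":6.1}],"Remediations":[{"Description":{"Value":"5036899"}}]},
 {"CVE":"CVE-2024-26195","Threats":[{"Type":3,"Description":{"Value":"Critical"}}],
  "CVSSScoreSets":[{"BaseScore":7.2}],"Remediations":[{"Description":{"Value":"5036899"}},{"Description":{"Value":"Release Notes"}}]}
]}
'@

function Get-CvssRating([double]$Score) {   # standard CVSS v3 qualitative bands
    if ($Score -ge 9.0) { 'Critical' } elseif ($Score -ge 7.0) { 'High' }
    elseif ($Score -ge 4.0) { 'Medium' } elseif ($Score -gt 0) { 'Low' } else { 'None' }
}

function ConvertTo-PatchRow {
    param($Cvrf, [hashtable]$InstalledOn)   # map: 'KB5036609' -> install [datetime]
    $rank = @{ Critical = 4; Important = 3; Moderate = 2; Low = 1 }
    $rows = foreach ($v in $Cvrf.Vulnerability) {
        # Threat entries with Type 3 carry the MSRC severity; keep the highest one
        $msSev = @($v.Threats | Where-Object Type -eq 3 | ForEach-Object { $_.Description.Value } |
                   Sort-Object { $rank["$_"] } -Descending)[0]
        $score = ($v.CVSSScoreSets.BaseScore | Measure-Object -Maximum).Maximum
        $kbs = $v.Remediations | ForEach-Object { $_.Description.Value } |
               Where-Object { $_ -match '^\d{6,8}$' } | Sort-Object -Unique   # skip non-KB entries
        foreach ($kb in $kbs) {
            if ($InstalledOn.ContainsKey("KB$kb")) {     # only KBs present on this device
                [pscustomobject]@{ Date = $InstalledOn["KB$kb"].ToString('yyyy-MM'); KB = "KB$kb"
                                   MsSev = $msSev; CVE = $v.CVE; 'CVE Sev' = (Get-CvssRating $score) }
            }
        }
    }
    foreach ($g in ($rows | Group-Object KB)) {   # KB Sev = highest MSRC severity (assumption)
        $kbSev = @($g.Group.MsSev | Sort-Object { $rank["$_"] } -Descending)[0]
        $g.Group | Select-Object Date, KB, @{ n = 'KB Sev'; e = { $kbSev } }, CVE, 'CVE Sev'
    }
}

# On a real host (assumed endpoint, one request per month ID such as 2024-Apr):
#   $installed = @{}; Get-HotFix | Where-Object InstalledOn | ForEach-Object { $installed[$_.HotFixID] = $_.InstalledOn }
#   $cvrf = Invoke-RestMethod 'https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2024-Apr' -Headers @{ Accept = 'application/json' }
$installed = @{ 'KB5036609' = [datetime]'2024-04-10'; 'KB5036899' = [datetime]'2024-04-10' }   # constructed install dates
ConvertTo-PatchRow (ConvertFrom-Json $sampleJson) $installed | ConvertTo-Csv -NoTypeInformation
```

Swap `ConvertTo-Csv` for `Export-Csv` to write the file for Excel. The Date column is the month the KB was installed on the device, and Windows PowerShell 5.1 on Server 2016 may need `[Net.ServicePointManager]::SecurityProtocol = 'Tls12'` before the web request.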