Windows Updates are based on KB number and not CVE and, like you said, one update might contain multiple CVEs.
In Windows PowerShell, you may run Get-HotFix to see a list of all installed updates and then check the KB on the Microsoft website and see what CVEs are covered.
On the following websites you may search for an update based on CVE and see which update is associated with each CVE. However, note that new Microsoft Updates are cumulative, and if you install a newer update, it holds all previous updates, including security ones.
How can I see all CVEs that relate to a specific product/build?
I am trying to discover the number of False Positives and False Negatives discovered by my Vulnerability Scanner. The only way I see this being possible is to establish a baseline of CVEs discovered by the scanner, apply a patch, and re-scan. I will compare the CVEs that should be mitigated by the patch with the CVEs returned by my scanner to determine this. I have done some research into Microsoft's release notes and have seen that when they publish patches, they cover multiple CVEs, as seen here in the August 2021 Security Updates. These CVEs relate to all of the software listed in the release notes. However, I would like to see only the CVEs that will apply to my specific build of Windows 10.
2 answers
Reza-Ameri 16,986 Reputation points
2021-08-25T15:26:06.493+00:00
Limitless Technology 39,686 Reputation points
2021-08-25T17:46:59.16+00:00
Hello Samuel,
I believe that this is what you are looking for:
View and organize the Microsoft Defender for Endpoint Devices list
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide
Especially the options for:
OS Platform
Select only the OS platforms you're interested in investigating.
Windows 10 versions
Select only the Windows 10 versions you're interested in investigating.
Hope this helps!
Luis P
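
The comparison described in the question, combined with the cumulative-update behaviour noted in the first answer, can be sketched as follows. This is an added example, not code from either answer: every KB and CVE identifier is a constructed placeholder, and the catalog layout, function name and variable names are assumptions.

```powershell
# Constructed sample data. All KB and CVE identifiers are placeholders,
# not real Microsoft identifiers.

# KB -> CVEs it fixes, plus the older cumulative update it supersedes (assumed layout).
$KbCatalog = @{
    'KB0000001' = @{ Cves = @('CVE-0000-0001', 'CVE-0000-0002'); Supersedes = $null }
    'KB0000002' = @{ Cves = @('CVE-0000-0003');                  Supersedes = 'KB0000001' }
    'KB0000003' = @{ Cves = @('CVE-0000-0004');                  Supersedes = 'KB0000002' }
}

# On a live host this would be: $InstalledKbs = (Get-HotFix).HotFixID
$InstalledKbs = @('KB0000002')

# CVEs the scanner reported on the re-scan after patching (constructed).
$ScannerCves = @('CVE-0000-0002', 'CVE-0000-0005')

# All CVEs in the catalog, treated here as the set that applies to this build.
$ApplicableCves = @($KbCatalog.Values | ForEach-Object { $_.Cves } | Sort-Object -Unique)

# Hypothetical helper: CVEs fixed by the installed KBs, following supersedence.
function Get-CoveredCve {
    param([string[]]$Installed, [hashtable]$Catalog)
    $covered = [System.Collections.Generic.HashSet[string]]::new()
    $seen    = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($kb in $Installed) {
        $current = $kb
        # A cumulative update also carries the fixes of every update it replaces.
        # $seen stops the walk on a repeated KB or a cyclic catalog entry.
        while ($current -and $Catalog.ContainsKey($current) -and $seen.Add($current)) {
            foreach ($cve in $Catalog[$current].Cves) { [void]$covered.Add($cve) }
            $current = $Catalog[$current].Supersedes
        }
    }
    $covered | Sort-Object
}

$Covered = @(Get-CoveredCve -Installed $InstalledKbs -Catalog $KbCatalog)

[pscustomobject]@{
    # Reported although the fix is installed: candidate false positives.
    FalsePositiveCandidates = @($ScannerCves | Where-Object { $_ -in $Covered })
    # Applicable, not fixed, and not reported: candidate false negatives.
    FalseNegativeCandidates = @($ApplicableCves |
        Where-Object { $_ -notin $Covered -and $_ -notin $ScannerCves })
    # Reported but absent from the catalog: cannot be classified without more data.
    UnmappedFindings        = @($ScannerCves | Where-Object { $_ -notin $ApplicableCves })
} | Format-List
```

The results are only candidates: a CVE can remain valid after the KB is installed if its fix also requires a configuration change, so each flagged item still needs manual confirmation.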