Regarding the Microsoft Security Update Supersedence and CPE Correspondence Issues

Julian Chen 1 Reputation point
2021-04-27T11:34:31+00:00

Recently, I obtained the corresponding Microsoft security update and CVE data through the MSRC API, and encountered the following problems:

  1. The monthly Microsoft update JSON file contains each CVE and remediation patch KBID, and the supersedence KBID. Is there a way to list KBIDs and the KBIDs which they superseded?
  2. The information obtained through the MSRC API includes the product name and product id, but doesn't contain CPE format provided by NVD. Is there a way to match the product name with the CPE format?
    https://nvd.nist.gov/products/cpe

EX:
product name VS CPE
Microsoft Exchange Server 2016 Cumulative Update 17 VS
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17::::::

Thanks for the assistance!


2 answers

  1. Teemo Tang 11,466 Reputation points
    2021-04-28T02:39:53.073+00:00

    For MSRC API related questions, you’d better ask for help on the GitHub forum:
    GitHub - microsoft/MSRC-Microsoft-Security-Updates-API: Repo with getting started projects for the Microsoft Security Updates API (portal.msrc.microsoft.com)
    https://github.com/microsoft/MSRC-Microsoft-Security-Updates-API
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn.
    Thanks for your understanding and cooperation.

    -------------------------------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Teemo Tang 11,466 Reputation points
    2021-04-28T07:18:36.763+00:00

    Check the Windows Update Catalog site. When you find a KB there and look at the details for an update, it will show you which updates, if any, it superseded (or is superseded by).

    On the other hand, WSUS will tell you superseding updates for any update you click on, just scroll down a bit - the line(s) above his red arrow will show anything that superseded the selected update.
    If you right click the title bar, you can have the update view display supersedence graphically to know where any given update stands in the supersedence pecking order.
    Reference:
    Superseded patches list (microsoft.com)
    https://social.technet.microsoft.com/Forums/ie/en-US/6b58f895-9865-4d17-bb6f-4a8c1421046a/superseded-patches-list?forum=winserverwsus


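An added example, not part of the thread and not Microsoft's code: one way to approach question 1 offline, by building a map from each remediation KB to the KBs it supersedes out of an already downloaded monthly JSON document. The field names (`Vulnerability`, `Remediations`, `Description`, `Supercedence`) are an assumption about that document's layout, and the sample document with its KB and CVE numbers is constructed with placeholders.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like one monthly update JSON document. Field names
# are assumed; the KB and CVE numbers are placeholders, not real updates.
SAMPLE = json.loads("""
{"Vulnerability": [
  {"CVE": "CVE-0000-0001", "Remediations": [
    {"Description": {"Value": "9000003"}, "Supercedence": "9000002", "ProductID": ["P1"]},
    {"Description": {"Value": "9000002"}, "Supercedence": "9000001", "ProductID": ["P1"]},
    {"Description": {"Value": "Release Notes"}, "ProductID": ["P2"]}]},
  {"CVE": "CVE-0000-0002", "Remediations": [
    {"Description": {"Value": "9000003"}, "Supercedence": "9000002; KB9000000", "ProductID": ["P1"]},
    {"Description": {"Value": "9000004"}, "Supercedence": "", "ProductID": ["P3"]}]}
]}
""")

KB_RE = re.compile(r"(?:KB)?(\d{6,8})", re.IGNORECASE)

def kb_ids(text):
    """Extract normalized 'KBnnnnnnn' ids from a free-form field; tolerate None."""
    return {"KB" + m for m in KB_RE.findall(text or "")}

def direct_supersedence(doc):
    """Map each remediation KB to the set of KBs it directly supersedes."""
    direct = defaultdict(set)
    for vuln in doc.get("Vulnerability", []):
        for rem in vuln.get("Remediations", []):
            # Non-KB remediations (no numeric id in Description) are skipped.
            for kb in kb_ids((rem.get("Description") or {}).get("Value")):
                direct[kb] |= kb_ids(rem.get("Supercedence")) - {kb}
    return dict(direct)

def all_superseded(kb, direct):
    """Follow the chain transitively; the seen set guards against cycles."""
    seen, stack = set(), [kb]
    while stack:
        for old in direct.get(stack.pop(), ()):
            if old not in seen:
                seen.add(old)
                stack.append(old)
    return seen - {kb}

if __name__ == "__main__":
    direct = direct_supersedence(SAMPLE)
    for kb in sorted(direct):
        print(kb, "->", sorted(all_superseded(kb, direct)))
```

One document only records the supersedence listed for that month, so merging the dictionaries from several monthly documents before calling `all_superseded` extends the chain across releases.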