Regarding the Microsoft Security Update Supersedence and CPE Correspondence Issues

Julian Chen 1 Reputation point
2021-04-27T11:34:31+00:00

Recently, I obtained the Microsoft security update and corresponding CVE data through the MSRC API, and encountered the following problems:

  1. The monthly Microsoft update JSON file contains each CVE and remediation patch KBID, and the supersedence KBID. Is there a way to list KBIDs and the KBIDs which they superseded?
  2. The information obtained through the MSRC API includes the product name and product id, but doesn't contain the CPE format provided by NVD. Is there a way to match the product name with the CPE format?
    https://nvd.nist.gov/products/cpe

EX:
product name VS CPE
Microsoft Exchange Server 2016 Cumulative Update 17 VS
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17::::::

Thanks for the assistance!

Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.

2 answers

  1. Teemo Tang 11,021 Reputation points
    2021-04-28T02:39:53.073+00:00

    For MSRC API related questions, you'd better ask for help in the GitHub forum:
    GitHub - microsoft/MSRC-Microsoft-Security-Updates-API: Repo with getting started projects for the Microsoft Security Updates API (portal.msrc.microsoft.com)
    https://github.com/microsoft/MSRC-Microsoft-Security-Updates-API
    The reason why we recommend posting appropriately is that you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn.
    Thanks for your understanding and cooperation.

    -------------------------------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Teemo Tang 11,021 Reputation points
    2021-04-28T07:18:36.763+00:00

    Check the Windows Update Catalog site. When you find a KB there and look at the details for an update, it will show you what updates, if any, it superseded (or is superseded by).

    On the other hand, WSUS will tell you superseding updates for any update you click on. Just scroll down a bit: the line(s) above his red arrow will show anything that superseded the selected update.
    If you right-click the title bar, you can have the update view display supersedence graphically to know where any given update stands in the supersedence pecking order.
    Reference:
    Superseded patches list (microsoft.com)
    https://social.technet.microsoft.com/Forums/ie/en-US/6b58f895-9865-4d17-bb6f-4a8c1421046a/superseded-patches-list?forum=winserverwsus

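Added example, not part of the original thread or of Microsoft's own tooling: one way to build the KB-to-superseded-KB listing asked about in the first question directly from a monthly CVRF JSON document. It assumes the layout in which each `Vulnerability` entry carries a `Remediations` list whose `Description.Value` holds the KB number and whose `Supercedence` string (the field's own spelling) holds the replaced KB(s); the sample document, CVE ids and KB numbers are constructed placeholders.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like an MSRC CVRF JSON document (assumed field
# names: Vulnerability, CVE, Remediations, Description.Value, Supercedence).
# CVE ids and KB numbers below are placeholders, not real data.
SAMPLE_CVRF = json.loads("""
{"Vulnerability": [
  {"CVE": "CVE-0000-0001", "Remediations": [
    {"Description": {"Value": "9000003"}, "Supercedence": "9000002", "ProductID": ["1"]},
    {"Description": {"Value": "9000003"}, "Supercedence": "9000002; 9000001", "ProductID": ["2"]},
    {"Description": {"Value": "Release Notes"}, "ProductID": ["3"]}]},
  {"CVE": "CVE-0000-0002", "Remediations": [
    {"Description": {"Value": "9000002"}, "Supercedence": "9000001", "ProductID": ["1"]},
    {"Description": {"Value": "9000004"}, "Supercedence": "", "ProductID": ["4"]}]}
]}
""")

KB_RE = re.compile(r"\d{6,8}")

def direct_supersedence(doc):
    """Map each remediation KB to the set of KBs it directly supersedes."""
    kb_map = defaultdict(set)
    for vuln in doc.get("Vulnerability", []):
        for rem in vuln.get("Remediations", []):
            kb = (rem.get("Description") or {}).get("Value", "")
            if not KB_RE.fullmatch(kb):
                continue  # skip non-KB remediations such as release notes
            # The field may be missing, empty, or hold several KBs in one string.
            kb_map[kb].update(KB_RE.findall(rem.get("Supercedence") or ""))
    return kb_map

def full_chain(kb, kb_map):
    """Return every KB transitively superseded by kb (safe against cycles)."""
    seen, stack = set(), [kb]
    while stack:
        for old in kb_map.get(stack.pop(), ()):
            if old not in seen and old != kb:
                seen.add(old)
                stack.append(old)
    return seen

if __name__ == "__main__":
    kb_map = direct_supersedence(SAMPLE_CVRF)
    for kb in sorted(kb_map):
        print(f"KB{kb} supersedes: {sorted(full_chain(kb, kb_map)) or 'none'}")
```

The map only covers the documents fed to it, so chains that span several months require merging the maps built from each monthly document before calling `full_chain`.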