Windows audit¶
Audit Windows host via installed KB¶
Run a quick audit of a Windows host against its installed security updates (KBs). The audit requires the OS version and the list of installed updates (KBs).
- The OS version can be obtained from systeminfo;
- The list of installed updates can also be obtained from systeminfo, or from wmic qfe list.
Query:
POST /api/v3/audit/kb/
Query example:
# Audit one host from its OS name and installed-KB list.
# {API key} is a placeholder. The body is single-quoted, so the shell expands
# nothing inside it; substitute the key before sending.
curl --request POST \
  --header 'Content-Type: application/json' \
  --data '{
"os": "Windows Server 2012 R2",
"kbList": ["KB4072650", "KB2959936", "KB2894856", "KB2896496"],
"apiKey": "{API key}"
}' \
  https://vulners.com/api/v3/audit/kb/
# KB ids as reported by the host itself (systeminfo / wmic qfe list, per the text above).
installed_kbs = ['KB4465659', 'KB4535680', 'KB4565912', 'KB4598243']
win_vulners = vulners_api.kb_audit(os="Windows Server 2016", kb_list=installed_kbs)

# The example reads two keys from the result; the variable names suggest
# 'kbMissed' holds the updates still to install and 'cvelist' the CVEs that
# remain open without them.
need_2_install_kb = win_vulners['kbMissed']
affected_cve = win_vulners['cvelist']
# Same audit through the camelCase method name.
# NOTE(review): the page shows both kb_audit and kbAudit without saying which
# client version each belongs to; confirm against the installed package.
installed_kbs = ['KB4465659', 'KB4535680', 'KB4565912', 'KB4598243']
win_vulners = vulners_api.kbAudit(os="Windows Server 2016", kb_list=installed_kbs)

# Result keys read by the example: missing updates and the related CVE ids.
need_2_install_kb = win_vulners['kbMissed']
affected_cve = win_vulners['cvelist']
[
"KB5000803",
"KB5017095",
"KB5011495",
"KB5003638",
"KB5009546",
"KB5012596",
"KB5004948",
"KB5001347",
"KB5007192",
"KB5004238",
"KB5010359",
"KB5014702",
"KB5016622",
"KB4601318",
"KB5005573",
"KB5008207",
"KB5006669",
"KB5012170",
"KB5015808",
"KB5005043",
"KB5013952",
"KB5003197"
]
[ "CVE-2021-36942",
"CVE-2021-31958",
"CVE-2022-34302",
"CVE-2022-30166",
"CVE-2022-22002",
"CVE-2021-1640",
"CVE-2021-24111",
"CVE-2022-26832",
"CVE-2021-33757",
"CVE-2021-41361",
"CVE-2021-36938",
"CVE-2020-1036",
"CVE-2021-42279",
"CVE-2022-34303",
"CVE-2021-28318",
"CVE-2020-1472",
"CVE-2022-21897",
"CVE-2021-38667",
"CVE-2021-31959",
"CVE-2021-34481",
"CVE-2022-30154",
"CVE-2021-34459",
"CVE-2022-23293",
"CVE-2020-17049",
"CVE-2020-26784",
"CVE-2022-22048",
"CVE-2021-33779",
"CVE-2021-43893",
"CVE-2022-26784",
"CVE-2021-26419",
"CVE-2021-34527",
"CVE-2022-35822",
"CVE-2022-34301",
"CVE-2022-30138",
"CVE-2021-264110"
]
Audit installed KB's and software¶
Run a quick audit of a Windows host against its installed security updates (KBs) and installed software. The audit requires the OS version, the list of installed updates (KBs) and the list of installed software.
- The OS version can be obtained from systeminfo;
- The list of installed updates can also be obtained from systeminfo, or from wmic qfe list.
Query:
POST /api/v3/audit/winaudit/
Query example:
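# KB + software audit. The endpoint is /api/v3/audit/winaudit/ (as stated in
# the "Query:" line for this section), not /api/v3/audit/kb/.
# "apiKey" is included as in the other request examples on this page;
# {API key} is a placeholder and is not expanded inside the single quotes.
# NOTE(review): the Python example for this endpoint passes the OS name and
# OS version as two separate arguments; confirm the request field names for
# winaudit against the API reference before relying on this body.
curl -XPOST https://vulners.com/api/v3/audit/winaudit/ -H 'Content-Type: application/json' -d '{
"os": "Windows Server 2012 R2",
"kbList": ["KB4072650", "KB2959936", "KB2894856", "KB2896496"],
"software": [{"software": "7-Zip 19.00 (x64)", "version": "19.00"}, {"software": "Git", "version": "2.33.0.2"},
{"software": "Notepad++ (64-bit x64)", "version": "8.4.6"}, {"software": "Microsoft 365 - en-us", "version": "16.0.15726.20202"},
{"software": "Microsoft 365 - ru-ru", "version": "16.0.15726.20202"},
{"software": "Microsoft OneDrive", "version": "22.227.1030.0001"},
{"software": "Total Commander 64-bit (Remove or Repair)", "version": "10.00"},
{"software": "Microsoft .NET AppHost Pack - 6.0.0 (x64_x86)", "version": "48.3.31210"},
{"software": "Microsoft .NET Host FX Resolver - 6.0.0 (x64)", "version": "48.3.31210"},
{"software": "VMware Player", "version": "16.2.4"}, {"software": "Foxit PDF Reader", "version": "12.0.1.12430"}],
"apiKey": "{API key}"
}'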
# Host facts for the audit: OS name and build, installed KBs, installed software.
os_name = 'windows'
os_version = '10.0.19045'

kb = [
    'KB4052623', 'KB5019959', 'KB5017888',
    'KB890830', 'KB2267602', 'KB4023057',
]

# One entry per installed product: display name plus version string.
software = [
    {'software': '7-Zip 19.00 (x64)', 'version': '19.00'},
    {'software': 'Git', 'version': '2.33.0.2'},
    {'software': 'Notepad++ (64-bit x64)', 'version': '8.4.6'},
    {'software': 'Microsoft 365 - en-us', 'version': '16.0.15726.20202'},
    {'software': 'Microsoft 365 - ru-ru', 'version': '16.0.15726.20202'},
    {'software': 'Microsoft OneDrive', 'version': '22.227.1030.0001'},
    {'software': 'Total Commander 64-bit (Remove or Repair)', 'version': '10.00'},
    {'software': 'Microsoft .NET AppHost Pack - 6.0.0 (x64_x86)', 'version': '48.3.31210'},
    {'software': 'Microsoft .NET Host FX Resolver - 6.0.0 (x64)', 'version': '48.3.31210'},
    {'software': 'VMware Player', 'version': '16.2.4'},
    {'software': 'Foxit PDF Reader', 'version': '12.0.1.12430'},
]

report = vulners_api.winaudit(
    os=os_name,
    os_version=os_version,
    kb_list=kb,
    software=software,
)

# Reading the result, going by the sample response printed below on this page:
#  - findings are grouped under "packages" by product and bulletin id, and
#    repeated as a flat list under "reasons"; each one carries a "fix" string.
#  - every "cvss" block in the sample is score 0.0 / vector "NONE", so severity
#    cannot be ranked from this response alone.
#  - the sample lists Windows 10 22H2 bulletins for both x64 and 32-bit builds
#    for a single host; NOTE(review): presumably the match is on OS version,
#    not architecture - confirm, and filter by the host's architecture.
{
"packages": {
"Foxit PDF Reader": {
"CVE-2022-32774": [
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-32774",
"cvelist": [
"CVE-2022-32774"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
}
],
"CVE-2022-37332": [
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-37332",
"cvelist": [
"CVE-2022-37332"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
}
],
"CVE-2022-38097": [
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-38097",
"cvelist": [
"CVE-2022-38097"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
}
],
"CVE-2022-40129": [
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-40129",
"cvelist": [
"CVE-2022-40129"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
}
]
},
"windows 10 version 22h2 for x64-based systems": {
"MS:CVE-2022-41094": [
{
"package": "windows 10 version 22h2 for x64-based systems",
"published": "2022-12-13T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for x64-based systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2364",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2364",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for x64-based systems",
"operator": "lt",
"bulletinID": "MS:CVE-2022-41094",
"cvelist": [
"CVE-2022-41094"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5021233 update"
}
]
},
"windows 10 version 22h2 for 32-bit systems": {
"MS:CVE-2023-21712": [
{
"package": "windows 10 version 22h2 for 32-bit systems",
"published": "2023-01-26T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for 32-bit systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2486",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2486",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for 32-bit systems",
"operator": "lt",
"bulletinID": "MS:CVE-2023-21712",
"cvelist": [
"CVE-2023-21712"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5022282 update"
}
],
"MS:CVE-2023-21823": [
{
"package": "windows 10 version 22h2 for 32-bit systems",
"published": "2023-02-14T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for 32-bit systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2604",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2604",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for 32-bit systems",
"operator": "lt",
"bulletinID": "MS:CVE-2023-21823",
"cvelist": [
"CVE-2023-21823"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5022834 update"
}
]
}
},
"vulnerabilities": [
"MS:CVE-2023-21712",
"CVE-2022-40129",
"CVE-2022-32774",
"CVE-2022-38097",
"MS:CVE-2023-21823",
"CVE-2022-37332",
"MS:CVE-2022-41094"
],
"reasons": [
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-32774",
"cvelist": [
"CVE-2022-32774"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
},
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-37332",
"cvelist": [
"CVE-2022-37332"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
},
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-38097",
"cvelist": [
"CVE-2022-38097"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
},
{
"package": "Foxit PDF Reader",
"published": "2022-11-21T16:15:00",
"providedOSName": "windows",
"matchedOSName": null,
"bulletinOSName": null,
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": null,
"providedVersion": "12.0.1.12430",
"bulletinVersion": "12.0.1.12430",
"providedPackage": "Foxit PDF Reader",
"bulletinPackage": "foxit pdf reader",
"operator": "eq",
"bulletinID": "CVE-2022-40129",
"cvelist": [
"CVE-2022-40129"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Update Foxit PDF Reader"
},
{
"package": "windows 10 version 22h2 for x64-based systems",
"published": "2022-12-13T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for x64-based systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2364",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2364",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for x64-based systems",
"operator": "lt",
"bulletinID": "MS:CVE-2022-41094",
"cvelist": [
"CVE-2022-41094"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5021233 update"
},
{
"package": "windows 10 version 22h2 for 32-bit systems",
"published": "2023-01-26T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for 32-bit systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2486",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2486",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for 32-bit systems",
"operator": "lt",
"bulletinID": "MS:CVE-2023-21712",
"cvelist": [
"CVE-2023-21712"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5022282 update"
},
{
"package": "windows 10 version 22h2 for 32-bit systems",
"published": "2023-02-14T08:00:00",
"providedOSName": "windows",
"matchedOSName": "windows",
"bulletinOSName": "windows 10 version 22h2 for 32-bit systems",
"providedOSVersion": "10.0.19045",
"bulletinOSVersion": "10.0.19045.2604",
"providedVersion": "10.0.19045",
"bulletinVersion": "10.0.19045.2604",
"providedPackage": "windows",
"bulletinPackage": "windows 10 version 22h2 for 32-bit systems",
"operator": "lt",
"bulletinID": "MS:CVE-2023-21823",
"cvelist": [
"CVE-2023-21823"
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"fix": "Install KB5022834 update"
}
],
"cvss": {
"score": 0.0,
"vector": "NONE"
},
"cvelist": [
"CVE-2022-32774",
"CVE-2022-41094",
"CVE-2022-37332",
"CVE-2023-21712",
"CVE-2023-21823",
"CVE-2022-40129",
"CVE-2022-38097"
],
"id": "08E9<...>S9P3"
}
Get Windows KB superseeding/parentseeding data¶
Use this method when you need more information about a KB returned by the previous method. The supersedence information is returned as a dictionary with two fields: 'superseeds' and 'parentseeds'.
- Superseeds lists the KBs that this KB covers (supersedes).
- Parentseeds lists the KBs that cover (supersede) this KB.
Query:
POST /api/v3/search/id/
Query example:
# Fetch only the two supersedence fields for a single KB id.
# {API key} is a placeholder; nothing inside the single-quoted body is expanded.
curl --request POST \
  --header 'Content-Type: application/json' \
  --data '{
"id": "KB4524135",
"fields": ["superseeds", "parentseeds"],
"apiKey": "{API key}"
}' \
  https://vulners.com/api/v3/search/id/
# Supersedence lookup for one KB; per the text above, the result is a dict
# with the 'superseeds' and 'parentseeds' fields.
kb_id = "KB4524135"
seeds = vulners_api.get_kb_seeds(kb_id)
# The method name is misleading (as the original note admits): the result
# holds both the superseeds and the parentseeds, not superseeds alone.
kb_id = "KB4524135"
superseeds = vulners_api.kbSuperseeds(kb_id)
{
"superseeds": [
"KB3021952",
"KB4103768",
"KB2699988",
"KB3100773",
"KB931768",
"KB4466536",
"KB4343205",
"KB896688",
"KB4462949",
"KB2977629",
"KB2817183",
"KB972260",
"KB4457426",
"KB980182",
"KB929969",
"KB4470199",
"KB2544521",
"KB4511872",
"KB2744842",
"KB2879017",
"KB2497640",
"KB2360131",
"KB4025252",
"KB2829530",
"KB4047206",
"KB3093983",
"KB4507434",
"KB4056568",
"KB960714",
"KB2530548",
"KB3203621",
"KB833989",
"KB2761451",
"KB3139929",
"KB4339093",
"KB4483187",
"KB969897",
"KB910620",
"KB942615",
"KB956390",
"KB937143",
"KB4052978",
"KB2416400",
"KB4018271",
"KB2987107",
"KB2870699",
"KB982381",
"KB2183461",
"KB2586448",
"KB958215",
"KB963027",
"KB2862772",
"KB4012204",
"KB4036586",
"KB3175443",
"KB933566",
"KB947864",
"KB2647516",
"KB4486474",
"KB944533",
"KB2976627",
"KB4074736",
"KB2792100",
"KB905915",
"KB922760",
"KB4489873",
"KB883939",
"KB2797052",
"KB2909212",
"KB4230450",
"KB3003057",
"KB4092946",
"KB2963952",
"KB978207",
"KB4034733",
"KB939653",
"KB976325",
"KB3154070",
"KB4040685",
"KB3038314",
"KB928090",
"KB2675157",
"KB4493435",
"KB3197655",
"KB896727",
"KB3034196",
"KB3049563",
"KB3032359",
"KB2618444",
"KB974455",
"KB938127",
"KB2838727",
"KB3148198",
"KB3191492",
"KB3170106",
"KB2559049",
"KB2809289",
"KB3058515",
"KB4014661",
"KB4516046",
"KB950759",
"KB925486",
"KB3036197",
"KB3124275",
"KB2799329",
"KB3008923",
"KB3078071",
"KB953838",
"KB3065822",
"KB2722913",
"KB4021558",
"KB3104002",
"KB912812",
"KB918899",
"KB2482017",
"KB3160005",
"KB2962872",
"KB4096040",
"KB916281",
"KB3185319",
"KB3087038",
"KB4480965",
"KB2761465",
"KB4089187",
"KB2846071",
"KB890923",
"KB4503259",
"KB4498206",
"KB3134814"
],
"parentseeds": [
"KB4571687",
"KB4534251",
"KB4540671",
"KB4586768",
"KB4519974",
"KB4525106",
"KB4530677",
"KB4556798",
"KB4565479",
"KB4561603",
"KB4537767",
"KB4550905",
"KB4577010"
]
}
Get the list of Windows KB updates with download urls¶
Query:
POST /api/v3/search/lucene/
Query example:
# Search the msupdate records for one KB and return the listed fields
# ("href" is the field the Python examples below read as the download link).
# {API key} is a placeholder; nothing inside the single-quoted body is expanded.
curl --request POST \
  --header 'Content-Type: application/json' \
  --data '{
"query": "type:msupdate AND kb:(KB4524135)",
"skip": 0,
"size": 100,
"fields": [
"id",
"title",
"description",
"type",
"bulletinFamily",
"cvss",
"published",
"modified",
"lastseen",
"href",
"sourceHref",
"sourceData",
"cvelist"],
"apiKey": "{API key}"
}' \
  https://vulners.com/api/v3/search/lucene/
# Update records for one KB, reduced to their 'href' values.
microsoft_updates_for_kb = vulners_api.get_kb_updates("KB4524135")
# .get() leaves None in the list for any record without an 'href'.
# In the sample output on this page every href is a Microsoft Update Catalog
# entry page (www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=...),
# not a package file; check the host of each link before fetching it from
# automation.
updates_download_links = list(
    map(lambda update: update.get('href'), microsoft_updates_for_kb)
)
# Same lookup through the camelCase method name.
# NOTE(review): the page does not say which client version each spelling
# belongs to; confirm against the installed package.
microsoft_updates_for_kb = vulners_api.kbUpdates("KB4524135")
# .get() leaves None in the list for any record without an 'href'; the sample
# output on this page shows Microsoft Update Catalog entry pages.
updates_download_links = list(
    map(lambda update: update.get('href'), microsoft_updates_for_kb)
)
[
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=ef31383a-7932-441a-a626-f0a145cc422a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=18552c40-7e36-4f15-960a-9717a4912af1",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=375f016c-b4ac-4d71-9dee-8095427a3c86",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2ca3d95f-1ecb-4850-aeb4-afb63cd6374a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=72890150-da44-47b2-b1b5-7dce2d5d1a30",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=fba96f27-5955-45e1-82e5-ad350b4627e0",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9668152f-78a1-44f9-a229-38e86189703a",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=e08d28ef-d685-412c-b0bc-8cc26bf899c3",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=a22dcbac-485a-4834-8556-fee2e437ab9b",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=db62995c-3814-4fd7-a481-dc285f0640e2",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=16216817-6043-4587-a803-9b3a9f3a58cc",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=393d67e1-8827-4c6d-9187-b6320a9a03bc",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=b18abca1-c8ec-4e43-9fa0-cc2b2a518304",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=96c42c78-234b-4ae7-b097-be0eb8ac6f25",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=63cc9ae6-6d02-4936-8b77-b976b440ff25",
"https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=2661795f-8beb-468f-9c4f-0de83724a90f"
]