CVE vs KB Table

Question

I work with equipment that is very selective about which KB or MS patches are allowed to be installed. I'm spending a lot of time trying to figure out which CVEs are addressed by which KB or MS fix for windows using Nessus' notes and sites like mitre.org.

Is there a publicly available complete and up-to-date list or organization that provides a simple list like this?:

Vulnerabilitiy - Fix
CVE-####-####  - KB####### (or MS##-###)

I'm looking for a big list I'd be able to put into Excel and then run VLOOKUPs to pull which fixes I can address.

There are a lot of options, actually - what research have you done? — schroeder, Mar 21 '17 at 16:08
I started by using https://web.nvd.nist.gov to look up the vulnerabilities, and use whatever links Nessus gave me. And of course, google. Then started trying to make my own table using MS bulletins here: http://www.cvedetails.com/microsoft-bulletins/2015/ but you have to click through to get to the CVE #. I tried to get the comma-separated .csv file here: https://cve.mitre.org/data/downloads/index.html and tried to do some indexing in Excel, but that wasn't working. So lately, I've just been looking up each fix and checking them off. But I'd love Excel to do that work for me if I could. — Tallima, Mar 21 '17 at 16:18
but those aren't what you are looking for: do a Google search for CSV CVEs — schroeder, Mar 21 '17 at 16:19
There are also an incredible number of products designed to do this for you. — schroeder, Mar 21 '17 at 16:20
I couldn't get the KBs or MS Bulletins parsed out of the massive text. But thanks Schroeder! You put me a on a better search path, which led me here: http://cve.mitre.org/data/refs/refmap/source-MS.html That's exactly what I was needing. They call it a reference map. I knew it had to be out there! — Tallima, Mar 21 '17 at 16:35
Glad to help. Because of the nature of the question, I'm going to close it as off-topic ('is there a X that does Y?' pattern) — schroeder, Mar 21 '17 at 17:23

CVE vs KB Table

0 Answers0

Related