After dumping security bulletins in April, company offers script that churns out 203-page document A Microsoft manager this week offered IT administrators a way to replicate — in a fashion — the security bulletins the company discarded last month. “If you want a report summarizing today’s #MSRC security bulletins, here’s a script that uses the MSRC Portal API,” John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter. Lambert’s tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998. The API lets advanced users, typically corporate security and network admins, mine the database that replaced the bulletins. Customers can manually dig information from the database using the Security Updates Guide web portal. Before calling on the API, users must retrieve a key; they can do that from the “Developer” tab on the Security TechCenter site. Using PowerShell and the API key, Lambert’s script automatically assembled an HTML-formatted document that called out vulnerabilities by CVE (Common Vulnerabilities & Exposures, a widely-used bug identifying system) with listings of which product each flaw affected. The document also organized the bugs by Microsoft’s exploitability index and collected all the vulnerabilities each version of software contained. Some of the information once present in security bulletins, such as bug workarounds and mitigations, was missing from the document. However, those remedies can be retrieved from the database using additional PowerShell code Microsoft published on GitHub. The script lets users select the time frame of the ensuing document; Lambert’s example covered the May 9 security updates. When saved as a PDF, this month’s document ran 203 pages. But even as Lambert pitched the script as a substitute for the defunct bulletins, others reveled in the irony. “This gives me a great idea: Just put the summary on [Microsoft’s] web page. Seemed to work alright the last 15 years or so!” tweeted Mark Dowd, founder of Azimuth Security, in a Twitter reply. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news Microsoft begins to phase out ‘classic’ Teams Microsoft is encouraging Teams customers to move to the new, faster version of the collaboration app; the older version will be switched off next year. By Matthew Finnegan May 03, 2024 3 mins Microsoft Teams Collaboration Software Productivity Software news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Udacity offers laid-off US workers free access to its courses for 30 days Sign-ups will be available over the next 30 days By Lucas Mearian May 02, 2024 4 mins Technology Industry IT Jobs IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe