Sunday, 25 September 2005

In the course of trying to save some time and make things a little more streamlined at work, I've been looking for Microsoft RSS feeds for security patch releases with sufficient detail in them to be able to do some automation of our internal patch tracking. I am already aware of the RSS feed at TechNet, since I have been subscribed to it since day-one:

http://www.microsoft.com/technet/security/bulletin/secrss.aspx

But unfortunately it munges multiple pieces of discreet information into one data element (specifically the title) and also leaves a bunch of stuff completely out, since it's just a list of summaries, really:

   <item>
  <title>MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)</title>
  <link>http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx</link>
  <description>This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</description>
  <guid isPermaLink="false">http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx</guid>
  <pubDate>Tue, 9 Aug 2005 00:00:00 GMT</pubDate>
</item>

Maybe this is a good example of where RSS extensions could or should come into play, or maybe what I need instead is a more generic (non-RSS for all I care) XML feed that has a schema that supports keeping the patch number, KB article title, bulletin name and long description as separate data points. Plus, where's the rest of the info for each bulletin? I'd also like to see what platforms each bulletin applies to (in a yes-or-no format for each one), the intricate details about the vulnerability, and other stuff like that.

Is there an XML feed that does that already? Maybe there is but I've just not found it. There's the old MSSecure.XML from the HFNetChk command line tool (not updated since 2004 on the MS Downloads site, it appears), but even that's much more verbose than what I need. I've looked around here and here, and I have done some searching, just no luck. I figure they have the data available to build all those services, but I can't find a good detailed source to build my own lists.

I did three minutes worth of Excel work to play with the feed (and I suck at Excel so my formatting in it is poor, but it basically works) and came up with a working spreadsheet from the TechNet feed. I definitely need to be able to do more with it though. You can see my l33t Excel skiilz (um, not) here:

What I really want is to be able to automatically pull the details of each released security bulletin into a list or Excel spreadsheet, add my own metadata to each one, and have that list/spreadsheet live over time. I'm trying to avoid a whole lot of cut/paste activity and need to find a way to speed this process up. Before you say I should just use Excel and VBA to parse through the available data, let me ask you - What if Microsoft changes their formatting on their bulletins?

So - my biggest obstacle right now is a data feed. If anyone knows of one, drop me a line and let me know.



Add/Read: Comments [0]
IT Security | Tech
Sunday, 25 September 2005 04:36:04 (Pacific Standard Time, UTC-08:00)
#  Trackback

Referred by:
http://search.daum.net/ [Referral]
http://www.greghughes.net/ [Referral]
http://www.mailboxexchangerecovery.net/ [Referral]
http://www.edbrecover.com/ [Referral]
http://vetlib.info/user/developers/ [Referral]
http://www.motoforo.com/index.php?action=profile;u=240733 [Referral]
http://avto-plenki.ru/phpBB3/memberlist.php?mode=viewprofile... [Referral]
http://ultimate.samaradom.ru/forum/index.php?showuser=182724 [Referral]
http://www.semarmenia.gov.co/foro/memberlist.php?mode=viewpr... [Referral]
http://toprex.net/includes/guest/index.php?showuser=4884 [Referral]
http://gofrostal.com/phpBB3/memberlist.php?mode=viewprofile&... [Referral]
http://ofortilqa.livejournal.com/ [Referral]
http://breekviy.livejournal.com/ [Referral]
http://roanlill711.livejournal.com/ [Referral]
http://erfovfd.livejournal.com/ [Referral]
http://pacquiaobradley.org/ [Referral]
http://memori.ru/all/road/?nogroup=0&sort=pop&page=3 [Referral]
http://bobrdobr.ru/link/3d-bar-chart-icon_6789986/ [Referral]
http://www.malafarina.dk/webalizer/usage_201204.html [Referral]
http://www.google.com/search [Referral]
http://0sec.org/user/procedure/ [Referral]

More...
Comments are closed.