How the CVE Import Wizard Works for Matching CVE IDs
The ability to bulk match Common Vulnerabilities and Exposures (CVEs) has been a popular request on our UserVoice. We’re excited to release our CVE Import Wizard feature that will allow you to bulk match a list of CVEs from a CSV or Text file and display details about the status of the CVEs in the document.
The Basics of the CVE Import Wizard
Our CVE Import Wizard is designed to help track the status of a list of CVEs. The most common use case is that a security team provides a .CSV file containing a list of CVEs for tracking. Our tool will then query the following data sources to determine if the CVE has any matches:
- Software updates already published to WSUS/SCCM
- All available updates in our third-party update catalog metadata
The CVE scan lets you quickly bulk match a list of CVEs and see whether the fix for each security vulnerability is available from Patch My PC or whether you may need to resolve the vulnerability using another mechanism.
How the CVE Import Wizard Works
To open the CVE Import Wizard, go to the Updates tab in the Publisher and click the Security Document button.
Click the Browse… button to select a CSV file containing a list of CVE IDs and then click Process. After the processing is complete, you will see the list of all CVE IDs detected in the table, grouped by state.
- Available = An update is available within the catalog, but it is not published within your environment yet.
- Published = The update is already published to WSUS/SCCM and is available for deployment.
- Unavailable = No update is published that contains that CVE ID and there is no update in our catalog matching it.
Here’s an example of a CSV file that contained 15 CVE IDs within it.
You can also check the Group By Products checkbox. When enabled, the wizard groups the list of CVE IDs by the product that had a match for each CVE ID.
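The three states and the product grouping described above can be reproduced offline to pre-check a security document before running it through the wizard. The following is an added example, not Patch My PC's code: the CVE IDs, product names, and the shape of the update records are constructed placeholders, and the CVE lists for published and catalog updates are assumed to come from your own exports.

```python
import re
from collections import defaultdict
# CVE ID syntax: "CVE-", a four-digit year, then four or more digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
# Constructed sample data: placeholder CVE IDs and hypothetical product names.
SAMPLE_DOCUMENT = """\
Finding,CVE,Severity
Outdated browser,CVE-2099-0001,High
PDF reader,"cve-2099-0002; CVE-2099-0003; CVE-2099-0002",Medium
Archive tool,CVE-2099-0004,Low
"""
PUBLISHED = [{"product": "Example Browser", "cves": ["CVE-2099-0001"]}]
CATALOG = [
    {"product": "Example Browser", "cves": ["CVE-2099-0001"]},
    {"product": "Example PDF Reader", "cves": ["CVE-2099-0002", "CVE-2099-0003"]},
]

def extract_cve_ids(text):
    """Return the unique CVE IDs in a CSV or text document, in first-seen order."""
    return list(dict.fromkeys(m.group(0).upper() for m in CVE_RE.finditer(text)))

def index_by_cve(updates):
    """Map each CVE ID to the set of products whose updates address it."""
    index = defaultdict(set)
    for update in updates:
        for cve in update["cves"]:
            index[cve.upper()].add(update["product"])
    return index

def classify(cve_ids, published_updates, catalog_updates):
    """Assign each CVE ID a state; Published is checked before Available."""
    published, catalog = index_by_cve(published_updates), index_by_cve(catalog_updates)
    states = {}
    for cve in cve_ids:
        if cve in published:
            states[cve] = ("Published", sorted(published[cve]))
        elif cve in catalog:
            states[cve] = ("Available", sorted(catalog[cve]))
        else:
            states[cve] = ("Unavailable", [])
    return states

def group_by_product(states):
    """Group matched CVE IDs under their product; unmatched IDs have no product."""
    groups = defaultdict(list)
    for cve, (state, products) in states.items():
        for product in products:
            groups[product].append((cve, state))
    return dict(groups)
```

CVE IDs that end up Unavailable are the ones to hand back to the security team for remediation through another mechanism.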
Importing Available Updates Matching CVE IDs
One important actionable item in the CVE Import Wizard is publishing third-party updates on-demand based on the scan results. If updates are in an Available state, they can be selected and published on-demand.
You can either individually select updates in an Available state or click the Select All Available button.
Once you have selected the updates you want to publish on demand, click the Import Selected Patches button. After clicking it, you will receive a dialog box to monitor the PatchMyPC.log file.
The PatchMyPC.log file will show the selected updates being published.
Alerts for On-Demand Importing of Patches for CVEs
When using the Import Selected Patches option, you will receive an email alert after the synchronization of selected updates is complete if SMTP emails are enabled. The email will contain important details about the CVE ID scan against the CSV file.
If Microsoft Teams alerts are enabled, you will receive the normal Teams alerts for any published updates in real time.