Vulristics: Beyond Microsoft Patch Tuesdays, Analyzing Arbitrary CVEs
source link: https://avleonov.com/2021/03/02/vulristics-beyond-microsoft-patch-tuesdays-analyzing-arbitrary-cves/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Vulristics: Beyond Microsoft Patch Tuesdays, Analyzing Arbitrary CVEs
Hello everyone! In this episode I would like to share an update for my Vulristics project.
For those who don’t know, in this project I am working on an alternative vulnerability scoring based on publicly available data to highlight vulnerabilities that need to be fixed as soon as possible. Roughly speaking, this is something like Tenable VPR, but more transparent and even open source. Currently it works with much less data sources. It mainly depends on the type of vulnerability, the prevalence of vulnerable software, public exploits and exploitation in the wild.
I started with Microsoft PatchTuesday Vulnerabilities because Microsoft provides much better data than other vendors. They have the type of vulnerability and the name of the vulnerable software in the title.
But it’s time to go further and now you can use Vulristics to analyze any set of CVEs. I changed the scirpts that were closely related to the Microsoft datasource and added new features to get the type of vulnerability and name of the software from the CVE description.
![Elevation of Privilege - Sudo (CVE-2021-3156) - High [595]](https://avleonov.com/wp-content/uploads/2021/03/image-2.png)
How to use it?
So the general process now looks like this:
- create a profile in JSON where you specify a list of CVEs to be processed
- start the analysis process to get a report
The profile format is the same as I used to generate Microsoft Patch Tuesday reports.
For Microsoft Patch Tuesday, the profile and report can be generated automatically by setting only the year and month.
And you can easily create a profile to generate a report for any CVE set.
How does the detection for Vulnerability Type and Product work?
And does it always work? Of course not. As I stated in the title of this project, it works heuristically.
A heuristic technique, or a heuristic (/hjʊəˈrɪstɪk/; Ancient Greek: εὑρίσκω, heurískō, ‘I find, discover’), is any approach to problem solving or self-discovery that employs a practical method that is not guaranteed to be optimal, perfect, or rational, but is nevertheless sufficient for reaching an immediate, short-term goal or approximation.
There is no AI magic in it, only the rules that you, as a practitioner, can set within th Vulristics framework. Vulnerability types and product names are searched by name in the rule or a set of additional strings.
Therefore, if some software or type of vulnerability is not found, you can easily add a rule, and next time it will work fine. If you share these discovery rules somehow, we can grow this database together. 
When the description-based detect failes Vulristics shown “Unknown Vulnerability Type” or “Unknown Product”.
What for can you use it?
Basically, it can be used with any tool that operates with CVE:
- Vulnerability scan results for one host/docker container or the entire infrastructure
- Vendor’s Security Bulletins
- Differences in the knowledge bases of the Vulnerability Scanners
Any other ideas?
That’s all for today! If someone wants to participate in the project, you are welcome to write to me on Telegram or in any other social network. Subscribe on youtube, press like buttons and leave your comments.
Hi! My name is Alexander and I am an Information Security Automation specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it much more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can also discuss my posts or ask a question at @avleonovchat.
Post navigation
← Microsoft Defender for Endpoint: Why You May Need It and How to Export Hosts via API in PythonLeave a Reply Cancel reply
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Recommend
-
9
I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July...
-
5
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
-
4
Vulristics: Microsoft Patch Tuesdays Q1 2021 Leave a reply Hello everyone! It has been 3 months si...
-
10
Vulristics: Microsoft Patch Tuesdays Q2 2021 Leave a reply Hello everyone! Let’s now talk about Mi...
-
8
Vulristics Microsoft Patch Tuesday July 2021: Zero-days EoP in Kernel and RCE in Scripting Engine, RCEs in Kernel, DNS Server, Exchange and Hyper-V
-
4
Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data
-
14
Latest Windows 11 and 10 Patch Tuesdays are trying to coax Chrome users to switch to Edge...
-
6
Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays. Alternative video link (for Russia):
-
3
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture
-
3
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK