KQL Search

Query Details

HomeAI ToolsDevice Query

Microsoft September Updates

Query

**Devices affected by September Security updates which includes 4 Zero-days & 79 Vulnerabilities fixed**

**Description:** Microsoft’s September 2024 Patch Tuesday has addressed a significant number of security vulnerabilities, including four zero-day exploits and a total of 79 vulnerabilities across various products.
This query helps to identify devices affected by the mentioned updates and add a column related to the corresponding updates/remediations information provided by Microsoft.

```
DeviceTvmSoftwareVulnerabilities | join kind=inner (DeviceTvmSoftwareVulnerabilitiesKB) on $left.CveId == $right.CveId | where RecommendedSecurityUpdate contains "September 2024 Security Updates" | 
extend URLSecurityUpdate = strcat("https://msrc.microsoft.com/update-guide/en-US/advisory/", CveId) | project CveId,IsExploitAvailable,URLSecurityUpdate,CvssScore,VulnerabilitySeverityLevel,RecommendedSecurityUpdate, DeviceName, DeviceId,RecommendedSecurityUpdateId, OSPlatform, SoftwareVendor, SoftwareName, SoftwareVersion | order by CvssScore
```

Explanation

This query is designed to identify devices that are affected by the security updates released by Microsoft in September 2024. These updates address a total of 79 vulnerabilities, including four zero-day exploits. The query performs the following steps:

  1. Join Tables: It combines data from two tables (DeviceTvmSoftwareVulnerabilities and DeviceTvmSoftwareVulnerabilitiesKB) based on a common identifier (CveId).

  2. Filter Updates: It filters the results to include only those devices that are affected by the "September 2024 Security Updates".

  3. Add URL Column: It creates a new column (URLSecurityUpdate) that provides a link to more detailed information about each vulnerability on Microsoft's update guide.

  4. Select Columns: It selects specific columns to display, including details about the vulnerability (like CveId, IsExploitAvailable, CvssScore, etc.) and information about the affected device (like DeviceName, DeviceId, OSPlatform, etc.).

  5. Sort Results: It sorts the results by the CvssScore, which indicates the severity of the vulnerabilities.

In summary, this query helps to identify and provide detailed information about devices affected by the September 2024 security updates, including links to more information about each vulnerability.

Details

Sergio Albea profile picture

Sergio Albea

Released: September 11, 2024

Tables

DeviceTvmSoftwareVulnerabilitiesDeviceTvmSoftwareVulnerabilitiesKB

Keywords

DevicesSecurityUpdatesVulnerabilitiesExploits

Operators

|joinon==wherecontainsextendstrcatprojectorder by

Actions