Query Details
**Devices affected by the September security updates, which fix 4 zero-days and 79 vulnerabilities**
**Description:** Microsoft’s September 2024 Patch has addressed a significant number of security vulnerabilities, including four zero-day exploits and a total of 79 vulnerabilities across various products.
This query identifies devices affected by these updates and adds a column linking to the corresponding update and remediation information provided by Microsoft.
```
DeviceTvmSoftwareVulnerabilities
// Enrich each per-device finding with CVE metadata (CVSS score, exploit availability)
| join kind=inner (DeviceTvmSoftwareVulnerabilitiesKB) on $left.CveId == $right.CveId
// Keep only findings whose recommended fix is the September 2024 update set
| where RecommendedSecurityUpdate contains "September 2024 Security Updates"
// Build a link to the Microsoft Security Update Guide entry for each CVE
| extend URLSecurityUpdate = strcat("https://msrc.microsoft.com/update-guide/en-US/advisory/", CveId)
| project CveId, IsExploitAvailable, URLSecurityUpdate, CvssScore, VulnerabilitySeverityLevel,
    RecommendedSecurityUpdate, DeviceName, DeviceId, RecommendedSecurityUpdateId,
    OSPlatform, SoftwareVendor, SoftwareName, SoftwareVersion
| order by CvssScore
```
This query is designed to identify devices that are affected by Microsoft's September 2024 security updates, which address four zero-day exploits and a total of 79 vulnerabilities. Here's a simple breakdown of what the query does:
1. **Data Source:** It starts from two tables, DeviceTvmSoftwareVulnerabilities and DeviceTvmSoftwareVulnerabilitiesKB, which contain information about software vulnerabilities on devices.
2. **Joining Tables:** It performs an inner join between these two tables on CveId (Common Vulnerabilities and Exposures ID), the unique identifier for each vulnerability.
3. **Filtering:** It filters the results to include only those vulnerabilities that are part of the "September 2024 Security Updates."
4. **Adding Information:** It creates a new column called URLSecurityUpdate that links to more detailed information about each vulnerability in Microsoft's security update guide.
5. **Selecting Columns:** It selects specific columns to display in the results, including details about the vulnerability (such as CveId, IsExploitAvailable, CvssScore, and VulnerabilitySeverityLevel), the recommended security update, and device-specific information (like DeviceName, DeviceId, OSPlatform, etc.).
6. **Sorting:** Finally, it orders the results by CvssScore, which indicates the severity of the vulnerabilities, with higher scores typically representing more severe vulnerabilities. Because `order by` sorts in descending order by default, the highest scores appear first.
In summary, this query helps identify and provide detailed information about devices affected by the September 2024 security updates, focusing on the vulnerabilities addressed and their severity.
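For patch prioritisation, the same join can be rolled up to one row per device. The following is an added example, not part of the original query or its author's work; it uses only the tables and columns already referenced above, and the output column names (OpenCves, ExploitableCves, MaxCvss, UpdateIds) are names chosen here for illustration.

```kql
DeviceTvmSoftwareVulnerabilities
// Same filter as the original query: findings fixed by the September 2024 updates
| where RecommendedSecurityUpdate contains "September 2024 Security Updates"
// Pull only the CVE metadata needed for ranking from the KB table
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    | project CveId, CvssScore, IsExploitAvailable
  ) on CveId
// One row per device: how many CVEs are open, how many have a known exploit,
// the worst CVSS score, and which update IDs would remediate them
| summarize
    OpenCves = dcount(CveId),
    ExploitableCves = dcountif(CveId, IsExploitAvailable == true),
    MaxCvss = max(CvssScore),
    UpdateIds = make_set(RecommendedSecurityUpdateId)
  by DeviceId, DeviceName, OSPlatform
// Devices with exploitable CVEs first, then by worst score
| order by ExploitableCves desc, MaxCvss desc
```

Devices at the top of this result have the most CVEs with an available exploit and are the first candidates for deploying the listed update IDs.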

Sergio Albea
Released: December 26, 2024