REST API returning missing data for Affected files

Question

REST API returning missing data for Affected files

Maya-BF opened this issue 4 years ago · 4 comments

Hi,

I'm using the security update rest api and I need the list of affected files, included in an update/remediation.

I've noticed that there is a field in the cvrf update under remediations called affected files that is always left out empty.

"Remediations": [
        {
          "Description": {
            "Value": "4580345"
          },
          "URL": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4580345",
          "Supercedence": "4577051",
          "ProductID": [
            "10049"
          ],
          "Type": 2,
          "DateSpecified": false,
          **"AffectedFiles": []**,
          "RestartRequired": {
            "Value": "Yes"
          },
          "SubType": "Monthly Rollup"
        }
]

I found the list of files attached in a csv format included in the kb notes under file information but it's not always there and sometimes it's a table filled up from ajax, which makes it hard to automate.

Could you please add the affected files included in an update by product ID or suggest a way to get the list of files by product with their version like in the csv format?

Thanks.

Answer 1 · 2020-11-11T20:36:35.000Z

Hi @Maya-BF. Are you calling the CVRF API directly or using the PowerShell modules? If you are using the PowerShell modules, which command did you use?

Answer 2 · 2020-11-12T00:25:54.000Z

Hi @stmoor,

Thank you for you reply. I'm calling the CVRF API directly, the missing value of "Affected files" is in the returned json data.

PS: I've tried posting my issue on msft forums but was directed to posting it here.

Answer 3 · 2020-11-22T19:36:35.000Z

Hello,

As far as I can tell the AffectedFiles is returned by the API since the beginning (April 2016). It's just empty.

Currently, if you want to know what files are affected, you need to download every update from the catalog (ex: the URL you mentioned above): https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4580345

You can extract the content of an update using the 'Microsoft MSU Patch Extraction and Patch Organization Utility' by Greg Linares (@Laughing_Mantis) that you can find here:
https://gist.github.com/anonymous/d55f494982c0097111d3263cf7099c9d/forks

Answer 4 · 2020-11-30T16:28:25.000Z

Hello @p0w3rsh3ll

Thank you for the workaround and for the link.