Automating Microsoft Patch Review with PowerShell (MSRC-PatchReview)
Keeping up with Microsoft’s monthly security updates can be time-consuming, especially if you manage multiple systems or environments. The MSRC-PatchReview PowerShell script simplifies this process by automatically analyzing and summarizing security patches from the Microsoft Security Response Center (MSRC).
This tool helps you quickly identify critical CVEs, high-risk vulnerabilities, and affected products — all from the command line.
🔍 What Is MSRC-PatchReview?
MSRC-PatchReview is a PowerShell rewrite of the original patch_review.py script by kevthehermit.
It was developed by f-bader and designed to generate detailed vulnerability reports from Microsoft’s monthly patch data.
Instead of manually reviewing every CVE from MSRC advisories, this script automates the analysis and produces clear, structured output — perfect for IT admins, security analysts, and patch management teams.
⚙️ How It Works
The PowerShell script retrieves Microsoft’s monthly security update data and organizes it into an easy-to-read report.
You can choose between several output formats — human-readable text, JSON, or PowerShell objects — depending on how you want to use the results.
Basic Usage Example
.\patch_review.ps1 -Month "2025-09"
This command generates a report for September 2025 patches.
🧩 Key Features
| Feature | Description |
|---|---|
| PowerShell-based | Fully written in PowerShell for easy integration into automation workflows. |
| Flexible Reporting | Output can be plain text, JSON, or PowerShell objects for advanced analysis. |
| Custom CVE Source | Choose between Microsoft’s MSRC URLs or CVE.org links. |
| Adjustable CVE Severity Threshold | Define what counts as “high-risk” — default is CVSS base score ≥ 8.0. |
| Monthly Patch Review | Pass a month in YYYY-MM or YYYY-MMM format to fetch the correct data. |
| Quick Visibility | Instantly see critical vulnerabilities and affected Microsoft products. |
📄 Example Output
When you run the script, you get a structured summary of vulnerabilities for the chosen month.
Example (simplified):
Microsoft Security Patch Summary - September 2025
--------------------------------------------------
Total CVEs: 98
Critical: 12
Important: 73
Moderate: 13
Highest Rated CVEs:
- CVE-2025-1234: Windows Kernel Privilege Escalation (CVSS 9.8)
- CVE-2025-1277: Exchange Server Remote Code Execution (CVSS 9.1)
You can also export the results to JSON for integration with your SIEM, dashboard, or reporting tool.
🧠 Why It’s Useful for IT Admins and Security Teams
For organizations managing hundreds or thousands of endpoints, analyzing each monthly patch cycle manually is inefficient.
With MSRC-PatchReview, you can:
- Automate vulnerability tracking and risk scoring.
- Feed patch summaries into your PowerShell or Intune-based reporting dashboards.
- Save time during Patch Tuesday analysis.
- Focus only on critical and high-impact vulnerabilities.
This is especially helpful for Intune or Configuration Manager admins who already rely on PowerShell for patch automation.
🧰 Integration Ideas
Here are a few practical ways to use this script in your workflow:
- Schedule it with Task Scheduler to auto-generate monthly reports.
- Combine with Intune or SCCM logs to cross-reference unpatched systems.
- Export to JSON and feed results into Power BI or Excel dashboards.
- Send reports via email using
Send-MailMessageafter every Patch Tuesday.
🚀 Getting Started
- Visit the GitHub repo: github.com/f-bader/MSRC-PatchReview
- Download
patch_review.ps1. - Run PowerShell as Administrator.
- Execute the script with your desired month, e.g.:
.\patch_review.ps1 -Month "2025-10" - Review the generated summary or JSON file.
🧩 Final Thoughts
The MSRC-PatchReview PowerShell script is a lightweight, practical tool that brings automation to Microsoft’s monthly patch cycle.
If you’re an IT admin, security analyst, or anyone responsible for patch management, this can become part of your standard toolkit — helping you quickly identify high-severity CVEs and make informed patching decisions.
It’s open-source, easy to customize, and integrates naturally into PowerShell-based environments.
