msrc_search
Search Microsoft security updates (Patch Tuesday) from the official MSRC API. Combines keyword search, CVE/KB lookup, and product/severity/exploitation filtering into a single flexible tool. All filter parameters are optional and can be combined. When no filters are provided, returns the most urgent vulnerabilities from the most recent *released* Patch Tuesday (CISA-KEV- listed or exploited first, then by EPSS exploitation probability, severity, and CVSS score). The upcoming month's document exists before its Patch Tuesday but only holds early Chromium/third-party and out-of-band entries; it is skipped by default and served only when requested via month=. Results are enriched with EPSS scores (FIRST.org daily exploit prediction, 0-1) and CISA KEV (Known Exploited Vulnerabilities) catalog data when available. Use this tool to: - Get the latest Patch Tuesday overview (include_stats=True, limit=0) - Browse the most urgent fixes this month (no filters) - Look up a specific CVE with full detail (cve="CVE-2026-41108") -- works across all months, returns KBs, affected products, CVSS, description, FAQs, EPSS score, and KEV status - Find which CVEs a KB article fixes (kb="5094123" or kb="KB5094123") -- scans recent months, or a specific month when combined with month= - Look up many KBs in one call (kb=["5094123", "KB5094127", ...], up to 30) -- e.g. a machine's installed-update list; returns one grouped per-KB result entry each, with per-KB found/not-found status - Check whether a KB has been superseded by newer patches (kb="5087538", include_chain=True) -- walks Microsoft-stated supersedence links - Find KEV-listed CVEs this month (kev=True) -- confirmed exploited, with federal remediation due dates - High exploitation probability (min_epss=0.5) -- EPSS >= 50% - Search by keyword (query="Exchange" or query="DNS spoofing") - Filter to a product (product="Windows Server 2022") -- partial match - Filter to a product watchlist (product_profile="identity-core", or products=["Exchange Server", "Windows Server"] / product_families=["Windows", "Azure"]) -- keeps vulns matching any listed product or family; matching is local and profiles never leave the host - Filter by severity (severity="Critical") -- Critical/Important/Moderate/Low - Find actively exploited vulnerabilities (exploited=True) - Find publicly disclosed zero-days (publicly_disclosed=True) - Filter by CVSS score (min_cvss=8.0) - Look at a past month (month="2026-Apr" or month="2026-04") - Combine filters (product="Exchange" + severity="Critical" + month="2026-05") - Search a historical range (query="HTTP.sys" + months_back=6, or start_month="2026-Jan" + end_month="2026-Jun") -- aggregates matching CVEs across released months with per-month trend counts - Paginate with offset (offset=10, limit=10 for page 2) Args: query: Optional keyword; case-insensitive match across CVE ID, title, description, component tag, and affected product names. cve: Optional CVE ID (e.g. "CVE-2026-41108"). Fast path: ignores other filters and returns full detail for that single CVE, searching across all months automatically. kb: Optional KB article number (e.g. "5094123" or "KB5094123") or a list of up to 30 of them for a batched lookup. Fast path: returns the CVEs fixed by that KB, scanning the most recent months (up to 6), or only the given month when month= is also set. A list input returns a grouped response instead: a results array with one entry per KB ("kb", "found", and on success the same body as a single-KB lookup; on a miss "error"/"error_kind"), deduplicated, order preserved. limit/offset apply per KB; other filters are ignored. Accepts numeric KB ids only (any malformed list entry fails the whole call); kb_articles in results may also contain non-KB vendor-fix labels such as "Release Notes", which cannot be looked up here. month: Optional monthly release to search, formatted "2026-Apr" or "2026-04". Defaults to the most rece
Parameters38
| query | any | optional | |
| cve | any | optional | |
| kb | any | optional | |
| month | any | optional | |
| product | any | optional | |
| product_profile | any | optional | |
| products | any | optional | |
| product_families | any | optional | |
| severity | any | optional | |
| exploited | any | optional | |
| publicly_disclosed | any | optional | |
| kev | any | optional | |
| ransomware | any | optional | |
| exploitation_likely | any | optional | |
| cwe | any | optional | |
| min_epss | any | optional | |
| min_cvss | any | optional | |
| attack_vector | any | optional | |
| privileges_required | any | optional | |
| user_interaction | any | optional | |
| scope | any | optional | |
| include_chain | boolean | optional | |
| include_guidance | boolean | optional | |
| include_references | boolean | optional | |
| include_kb_details | boolean | optional | |
| include_kev_details | boolean | optional | |
| include_temporal | boolean | optional | |
| list_months | boolean | optional | |
| format | string | optional | |
| report | any | optional | |
| force_refresh | boolean | optional | |
| include_freshness | boolean | optional | |
| months_back | any | optional | |
| start_month | any | optional | |
| end_month | any | optional | |
| limit | integer | optional | |
| offset | integer | optional | |
| include_stats | boolean | optional |
Raw schema
{
"type": "object",
"properties": {
"query": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"cve": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"kb": {
"anyOf": [
{
"type": "string"
},
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null
},
"month": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"product": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"product_profile": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"products": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null
},
"product_families": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null
},
"severity": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"exploited": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null
},
"publicly_disclosed": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null
},
"kev": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null
},
"ransomware": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null
},
"exploitation_likely": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null
},
"cwe": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"min_epss": {
"anyOf": [
{
"maximum": 1,
"minimum": 0,
"type": "number"
},
{
"type": "null"
}
],
"default": null
},
"min_cvss": {
"anyOf": [
{
"maximum": 10,
"minimum": 0,
"type": "number"
},
{
"type": "null"
}
],
"default": null
},
"attack_vector": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"privileges_required": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"user_interaction": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"scope": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"include_chain": {
"default": false,
"type": "boolean"
},
"include_guidance": {
"default": false,
"type": "boolean"
},
"include_references": {
"default": false,
"type": "boolean"
},
"include_kb_details": {
"default": false,
"type": "boolean"
},
"include_kev_details": {
"default": false,
"type": "boolean"
},
"include_temporal": {
"default": false,
"type": "boolean"
},
"list_months": {
"default": false,
"type": "boolean"
},
"format": {
"default": "json",
"type": "string"
},
"report": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"force_refresh": {
"default": false,
"type": "boolean"
},
"include_freshness": {
"default": false,
"type": "boolean"
},
"months_back": {
"anyOf": [
{
"type": "integer"
},
{
"type": "null"
}
],
"default": null
},
"start_month": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"end_month": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null
},
"limit": {
"default": 10,
"maximum": 100,
"minimum": 0,
"type": "integer"
},
"offset": {
"default": 0,
"minimum": 0,
"type": "integer"
},
"include_stats": {
"default": false,
"type": "boolean"
}
}
}