# CVE Import Wizard

*Applies to: Patch My PC Publisher*

## ![](https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FDG5cImXVRU1hcqa8itr2%2Fimage.png?alt=media\&token=6e4cc06a-1b96-425c-9f2f-8e370a6e4b0d) Overview

The CVE Import Wizard allows you to bulk match Common Vulnerabilities and Exposures (CVEs) against the Patch My PC catalog to quickly determine whether a fix is available, already published, or unavailable. This feature is commonly used when security teams provide a list of CVE IDs (for example from a vulnerability scanner or audit report) that need to be assessed and remediated.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2Fvr6rdSsIqjIKMl7uI8Vy%2Fimage.png?alt=media&#x26;token=a6ae4cb4-d1cc-4555-ac10-50667bf3f3e5" alt="CVE Import Wizard"><figcaption></figcaption></figure>

{% hint style="warning" %}
**Important**

The CVE Import Wizard can only match CVE IDs that are present in the **latest Patch My PC catalog metadata**. If a CVE has been fixed in a newer version of an application but is not explicitly referenced in the catalog, it may not appear as **Available** in the wizard.

With this in mind, it’s important to note that vulnerabilities are often remediated by **upgrading to a later version of an application**. In some cases, deploying the latest version of a product by enabling it in the [**product tree**](https://docs.patchmypc.com/patch-my-pc-publisher/administration/updates/product-tree) may resolve a CVE, even if that CVE is not directly identified or matched by the CVE Import Wizard.
{% endhint %}

## Import a List of CVE IDs

1. Open the CVE Import Wizard.
2. Click **Browse**, and select a .csv or .txt file that contains the CVE IDs you wish to process.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FLsu2881i36FkwMoUjNYQ%2Fimage.png?alt=media&#x26;token=086fe594-3cc6-488e-9bb9-28e8c0a6f701" alt="CVE Import Wizard - Browse" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
**Note**

The Publisher will perform a regex against all columns and rows in the csv/txt file to look for the well known CVE ID format e.g. CVE-2025-34092
{% endhint %}

3. Click **Process**.

After the processing is complete, you will see the list of all CVE IDs detected in the table grouped by the state.

* **Available**\
  An update is available within the Patch My PC catalog, but it is not published within your environment yet.
* **Published**\
  The update is already published to WSUS/ConfigMgr and is available for deployment.
* **Unavailable**\
  No update is published that contains that CVE ID and there is no update in the Patch My PC catalog matching it.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FfciS0guZtKkx0ggvrzpC%2Fimage.png?alt=media&#x26;token=1d640ea5-7608-44ba-a9d8-92f48dbcce94" alt="Processed CVE List" width="563"><figcaption></figcaption></figure>

## Grouping Results

When Group By Products is enabled, the CVE Import Wizard organizes detected CVE IDs by vendor, and indicates the number of vulnerabilities by vendor. This view is makes it easier to understand which products are responsible for the highest number of CVEs and to prioritize remediation.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FuE25ssfZ21OZG7qpEbFK%2Fimage.png?alt=media&#x26;token=c6eae40b-e710-4701-903a-c662098ead9e" alt="Grouped Results" width="563"><figcaption></figcaption></figure>

## Importing Selected Patches

You can either individually select updates that are in an **Available** state or click the **Select All Available** button.

Once the desired updates are selected, click **Import Selected Patches** to publish them immediately. *Importing* in this context means **publishing the selected updates immediately**, outside of the normal sync schedule. After clicking this button, a dialog is displayed allowing you to monitor progress in the PatchMyPC.log file.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FZ9hiQ7MmGWXBQ4GRtby0%2Fimage.png?alt=media&#x26;token=34b385c5-aac2-4ece-b018-8e89a67a42e1" alt="Import Selected Patches" width="563"><figcaption></figcaption></figure>

A confirmation confirms the outcome of the import operation.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2Favcnzny5qYTEswpzOzBz%2Fimage.png?alt=media&#x26;token=42c5bbc3-c415-4354-9234-84669ed25813" alt="Import Successful" width="324"><figcaption></figcaption></figure>

The PatchMyPC.log log file indicates that publish on demand was requested.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FmP8QrwxfWaGDR9lg9QJb%2Fimage.png?alt=media&#x26;token=4c1c6c71-4bef-4d22-b791-4fdda289a32f" alt="PatchMyPC.log indicates the publish on demand" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}
**Important**

Even if a product is not enabled in the **Updates** tab, any update selected in the CVE Import Wizard will be **published immediately** when **Import Selected Patches** is clicked.

Importing patches through the CVE Import Wizard **does not automatically enable** the corresponding product in the Updates tab. If the security team who provided the list of CVE IDs determined that a product should continue to be patched, we recommend enabling the product in the [**product tree**](https://docs.patchmypc.com/patch-my-pc-publisher/administration/updates/product-tree), on the Updates tab, to ensure that future updates for that product are published automatically.
{% endhint %}

## Reporting on Updates Imported

After updates are imported through the CVE Import Wizard, a report is generated based on the [Alerts ](https://docs.patchmypc.com/patch-my-pc-publisher/administration/alerts)you have configured. Depending on your alert configuration, you may receive notifications via Microsoft Teams, Slack, Email, or a combination of these.

In the example below, both a Teams webhook notification and an email report were received, confirming the updates that were imported.

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2Fq0TRTgWzL90wxo19eiqV%2Fimage.png?alt=media&#x26;token=f6ad1409-9dd9-4f7f-a4df-e05d24464408" alt="CVE Import Wizard Results by Webhook" width="563"><figcaption></figcaption></figure>

<figure><img src="https://3773699522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX7dvS0r_4fc0AikgJS%2Fuploads%2FCeWABCRPVqVHaF6yC6Xe%2Fimage.png?alt=media&#x26;token=c39bf645-1f41-4b9d-b308-1ef6ce1d1410" alt="CVE Import Wizard Results by Email" width="563"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.patchmypc.com/patch-my-pc-publisher/administration/updates/form-controls/cve-import-wizard.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.