查看: 4078|回复: 8
收起左侧

[一般话题] MSE网络检测系统的完整特征库信息

[复制链接]
驭龙
发表于 2011-8-15 12:51:13 | 显示全部楼层 |阅读模式
本帖最后由 zdshsls 于 2011-8-15 12:55 编辑

今天刚刚看到MSE的网络检测系统特征库的详细信息,包含网络检测系统可以拦截的全部漏洞,所以我来跟大家分享一下



什么是Network Inspection System (NIS)?               
Network Inspection System (NIS)是机会的一项功能用来缩小范围的开发软件漏洞披露和修补程序部署之间窗口的Forefront Threat Management Gateway 2010年。这被通过创建和部署时,利用漏洞尝试检测的NIS签名。NIS签名可通过Microsoft Update服务器。

哪里可以获得可用的NIS签名的完整列表?
所有当前可用的NIS签名的索引.   

不同的严重等级,在NIS说明是什么意思?
有NIS writeups四种可能严重等级:
  • 关键-指的是一个漏洞,利用漏洞可能允许无需用户操作的 Internet 蠕虫病毒的传播
  • 重要的是指一个漏洞,利用漏洞可能导致受损的机密性、 完整性或可用性的用户的数据,或完整性或处理资源的可用性
  • 适度-指的是其可开发性,很大程度上,降低了默认配置、 审计或开发困难等因素的漏洞
  • -指的是其开发是极为困难,或影响很小的漏洞


不同NIS签名的类型是什么?
有三种类型的NIS signatures:
  • 基于漏洞是指基于漏洞的特征码。这些签名将检测大多数变体的一个给定的漏洞中的漏洞。
  • 利用基于-是指利用特定签名。这些签名将检测漏洞对一个给定的漏洞。
  • 基于策略-是指通常用于审计目的和开发利用漏洞-既基于漏洞的签名可以写入时的特征码。
  • 测试-是指通常用来测试NIS功能的签名。他们通常用于由客户确认NIS是积极检查网络通信量和警报的政策。


NIS说明"Authentication Required"意味着什么?
如果攻击者需要进行身份验证Authentication Required描述或不前开发一个给定的漏洞。

"Signature Detections"NIS描述中意味着什么?
Signature Detections提供基于遥测数据的特定NIS签名检测的数量。

Microsoft Malware Protection Center - Network Inspection System
Network Inspection System (NIS)(网络检测系统)签名:
基于漏洞的 NIS 特征码
Vulnerability:Win/ASP.NET.RCE!CVE-2007-0042
Vulnerability:Win/ASPNET.URI.InfoDisc!CVE-2006-1300
Vulnerability:Win/CMS.URI.RCE!CVE-2007-0938
Vulnerability:Win/CommerceServer.OWC.RCE!CAN-2002-0621
Vulnerability:Win/CommerceServer.ProfileService.RCE!CAN-2002-0620
Vulnerability:Win/CommServer.AuthFilter.RCE!CAN-2002-0050
Vulnerability:Win/CommServer.ISAPI.RCE!CAN-2002-0623
Vulnerability:Win/DNS.Client.RCE!CVE-2006-3441
Vulnerability:Win/Exchange.Literal.DoS!CVE-2007-0221
Vulnerability:Win/Exchange.OWA.XSS!CVE-2008-2247
Vulnerability:Win/Explorer.FolderGUID.RCE!CVE-2006-3281
Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214
Vulnerability:Win/HTTP.Biztalk.RCE!CAN-2003-0117
Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227
Vulnerability:Win/IE.DirectShow.RCE!CVE-2008-0015
Vulnerability:Win/IE.MaskedEdit.RCE!CVE-2008-3704
Vulnerability:Win/IE.WME.RCE!CVE-2008-3008
Vulnerability:Win/IIS.FPSE.DoS!CAN-2002-0072
Vulnerability:Win/IIS.ISAPI.RCE!CAN-2002-0150
Vulnerability:Win/IIS.Request.RCE!CVE-2005-4360
Vulnerability:Win/IIS.URL.PE!CVE-2010-2731
Vulnerability:Win/IIS.WebDav.PE!CVE-2009-1122
Vulnerability:Win/MediaPlayer.Skin.RCE!CAN-2003-0228
Vulnerability:Win/MSIE.Redirect.RCE!CVE-2011-1262
Vulnerability:Win/MSRPC.CSNW.RCE!CVE-2006-4688
Vulnerability:Win/MSRPC.DNS.RCE!CVE-2007-1748
Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561
Vulnerability:Win/MSRPC.LLS.RCE!CAN-2005-0050
Vulnerability:Win/MSRPC.LLSLPC.RCE!CVE-2009-2523
Vulnerability:Win/MSRPC.Locator.RCE!CAN-2003-0003
Vulnerability:Win/MSRPC.LSASS.RCE!CAN-2003-0533
Vulnerability:Win/MSRPC.LSASS.RCE!CVE-2009-2524
Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119
Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2006-0034
Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059
Vulnerability:Win/MSRPC.NETDDE.RCE!CAN-2004-0206
Vulnerability:Win/MSRPC.NRPC.DoS!CVE-2010-2742
Vulnerability:Win/MSRPC.PNP.RCE!CVE-2005-1983
Vulnerability:Win/MSRPC.RASMAN.RCE!CVE-2006-2371
Vulnerability:Win/MSRPC.RPRN.RCE!CVE-2005-1984
Vulnerability:Win/MSRPC.RRAS.RCE!CVE-2006-2370
Vulnerability:Win/MSRPC.SPOOLSS.RCE!CVE-2008-1446
Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2006-3439
Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250
Vulnerability:Win/MSRPC.WebClient.RCE!CVE-2006-0013
Vulnerability:Win/MSRPC.WKSSVC.RCE!CAN-2003-0812
Vulnerability:Win/MSXML.XMLHTTP.RCE!CVE-2006-5745
Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215
Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816
Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120
Vulnerability:Win/PrintSpooler.NetShare.RCE!CVE-2009-0228
Vulnerability:Win/RPC.NWWKS.RCE!CVE-2006-4689
Vulnerability:Win/RPCSS.DCOM.DoS!CAN-2003-0605
Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0528
Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717
Vulnerability:Win/RPCSS.NTLMSSPAuth.DoS!CVE-2007-2228
Vulnerability:Win/RPCSS.WKSSVC.RCE!CVE-2006-4691
Vulnerability:Win/SharePoint.Layouts.RCE!CVE-2010-1264
Vulnerability:Win/SMB.ASN1.RCE!CVE-2003-0818
Vulnerability:Win/SMB.Browser.RCE!CVE-2011-0654
Vulnerability:Win/SMB.DFS.DoS!CVE-2011-1869
Vulnerability:Win/SMB.DFS.RCE!CVE-2011-1868
Vulnerability:Win/SMB.IndexSrv.RCE!CVE-2004-0897
Vulnerability:Win/SMB.LANMAN.DoS!CAN-2002-0724
Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2010-0016
Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2011-1268
Vulnerability:Win/SMB.Pool.RCE!CVE-2010-2550
Vulnerability:Win/SMB.Protocol.DoS!CVE-2008-4114
Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696
Vulnerability:Win/SMB.Rename.RCE!CVE-2008-4038
Vulnerability:Win/SMB.RequestParsing.DoS!CVE-2011-1267
Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314
Vulnerability:Win/SMB.Server.RCE!CVE-2006-1315
Vulnerability:Win/SMB.Srv.RCE!CVE-2010-0020
Vulnerability:Win/SMB.TRANS.RCE!CVE-2006-3942
Vulnerability:Win/SMB.Trans.RCE!CVE-2008-4835
Vulnerability:Win/SMB.Transaction.RCE!CVE-2011-0661
Vulnerability:Win/SMB1.RtlCreateSecurityDescriptor.RCE!CVE-2010-0269
Vulnerability:Win/SMB2.SRV2.RCE!CVE-2009-3103
Vulnerability:Win/SMBv2.Command.RCE!CVE-2009-2532
Vulnerability:Win/SMBv2.DFS.DoS!CVE-2009-2526
Vulnerability:Win/SMTP.BDAT.DoS!CAN-2002-0055
Vulnerability:Win/SMTP.DNS.DoS!CVE-2010-0024
Vulnerability:Win/SMTP.Exchange.DoS!CAN-2002-0368
Vulnerability:Win/SMTP.Exchange.RCE!CAN-2003-0714
Vulnerability:Win/TAPSRV.Client.RCE!CAN-2005-0058
Vulnerability:Win/WebServer.ADFS.RCE!CVE-2009-2509
Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512
Vulnerability:Win/DNS.NAPTR.RCE!CVE-2011-1966
Vulnerability:Win/DotNet.ChartControl.InfoDisc!CVE-2011-1977
Vulnerability:Win/RDP.Web.PE!CVE-2011-1263
驭龙
 楼主| 发表于 2011-8-15 12:51:48 | 显示全部楼层
利用基于 NIS 特征码
Exploit:Win/Browser.Shellcode.RCE!NIS-2009-0004
Exploit:Win/IE.Comctl32.RCE!CVE-2010-2746
Exploit:Win/IE.MSDAO.RCE!CVE-2011-0027
Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971
Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094
Exploit:Win/IE.MSN.RCE!CAN-2002-0155
Exploit:Win/MSIE.TSAC.RCE!CAN-2002-0726
Exploit:Win/IE.LegacyTextFormatting.RCE!CAN-2002-0647
Exploit:Win/MSIE.HelpActiveX.RCE!CAN-2002-0693
Exploit:Win/MSIE.PluginRendering.RCE!CAN-2003-0115
Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530
Exploit:Win/MSIE.TroubleShooter.RCE!CVE-2003-0662
Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420
Exploit:Win/MSIE.InstallEngine.RCE!CVE-2004-0216
Exploit:Win/MSIE.IOleClientSite.RCE!CVE-2004-1319
Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087
Exploit:Win/MSIE.COM.RCE!CAN-2005-1990
Exploit:Win/MSIE.COM.RCE!CVE-2005-2831
Exploit:Win/MSIE.MDT2DD.RCE!CVE-2006-1186
Exploit:Win/MDAC.RDS.RCE!CVE-2006-0003
Exploit:Win/FlashPlayer.LoadMovie.RCE!CVE-2006-0024
Exploit:Win/COM.ActiveX.RCE!CVE-2006-1303
Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383
Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383
Exploit:Win/COM.ActiveX.RCE!CVE-2006-3638
Exploit:Win/ActiveX.Hhctlr.RCE!CVE-2006-3357
Exploit:Win/VML.Fill.RCE!CVE-2006-4868
Exploit:Win/ActiveX.WebViewFolderIcon.RCE!CVE-2006-3730
Exploit:Win/ActiveX.Fpole.RCE!CVE-2006-4704
Exploit:Win/MSIE.VML.RCE!CVE-2007-0024
Exploit:Win/ActiveXControl.HHCtrl.DoS!CVE-2007-0214
Exploit:Win/ADODB.Connection.DoS!CVE-2006-5559
Exploit:Win/COM.ActiveX.RCE!CVE-2006-4697
Exploit:Win/COM.ActiveX.RCE!CVE-2007-0219
Exploit:Win/Agent.AgentCharactersLoad.RCE!CVE-2007-1205
Exploit:Win/COM.IME.RCE!CVE-2007-0942
Exploit:Win/WMS.MDSAuth.RCE!CVE-2007-2221
Exploit:Win/COM.CAPICOM.RCE!CVE-2007-0940
Exploit:Win/COM.URLMON.RCE!CVE-2007-0218
Exploit:Win/COM.SCM.RCE!CVE-2007-2222
Exploit:Win/MSIE.MSXML.RCE!CVE-2007-2223
Exploit:Win/VB.TBLinf32.RCE!CVE-2007-2216
Exploit:Win/VB.Pdwizard.RCE!CVE-2007-3041
Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040
Exploit:Win/MSIE.ActiveXObject.RCE!CVE-2008-1086
Exploit:Win/IE.SpeechAPI.RCE!CVE-2007-0675
Exploit:Win/MSIE.ActiveX.PE!CVE-2008-2462
Exploit:Win/MSIE.Messenger.RCE!CVE-2008-0082
Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4253
Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4254
Exploit:Win/MSIE.ChartControls.RCE!CVE-2008-4256
Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258
Exploit:Win/MSIE.ActiveX.RCE!CVE-2010-0252
Exploit:Win/IE.ActiveX.RCE!CVE-2010-3973
Exploit:Win/IIS.HelpSearch.XSS!CAN-2002-0074
Exploit:Win/DotNET.ASPState.RCE!CAN-2002-0369
Exploit:Win/SQLServer.SQLXML.RCE!CAN-2002-0186
Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719
Exploit:Win/ISA.Forms.XSS!CVE-2009-0237
Exploit:Win/IISUnicode.WebDav.PE!CVE-2009-1535
Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003
Exploit:Win/IIS.RedirectMsg.XSS!CAN-2002-0075
Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148
Exploit:Win/HTTP.Biztalk.RCE!CAN-2003-0118
Exploit:Win/IIS.IndexService.XSS!CVE-2006-0032
Exploit:Win/SharePoint.Layouts.XSS!CVE-2010-0817
Exploit:Win/MSRPC.RPRN.RCE!CVE-2010-2729
Exploit:Win/SMB.ASN1.RCE!CAN-2004-0123
基于策略的 NIS 签名
Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040
Policy:Win/ASPNET.CBC.InfoDisc!CVE-2010-3332
Policy:Win/Exchange.CDO.RCE!CVE-2005-1987
Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732
Policy:Win/ForeFront.UAG.XSS!CVE-2010-2734
Policy:Win/HTTP.FileExtension.MisConfig!CVE-2009-4444
Policy:Win/HTTP.NSIISLOG.RCE!CAN-2003-0349
Policy:Win/HTTP.Parser.DoS!NIS-2009-0006
Policy:Win/HTTP.SafeHTML1.XSS!CVE-2010-3324
Policy:Win/HTTP.SafeHTML2.XSS!CVE-2010-3324
Policy:Win/HTTP.SharpointServices.XSS!CAN-2005-0049
Policy:Win/HTTP.URL.XSS!NIS-2009-0005
Policy:Win/HTTP.URLMON.RCE!CAN-2003-0113
Policy:Win/IE.ActiveX.DoS!CVE-2010-3340
Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730
Policy:Win/MSIE.OBJ.RCE!CVE-2008-2256
Policy:Win/MSIE.SearchPath.PE!CVE-2008-2540
Policy:Win/MSIE.SearchPath.RCE!CVE-2008-2540
Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466
Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807
Policy:Win/Outlook.Header.DoS!CVE-2006-1305
Policy:Win/POP3.Outlook.RCE!CAN-2002-1255
Policy:Win/RPCSS.DCOM.RCE!CAN-2003-0352
Policy:Win/Sharepoint.SafeHTML1.XSS!CVE-2010-3243
Policy:Win/Sharepoint.SafeHTML2.XSS!CVE-2010-3243
Policy:Win/SmartHTML.Shtml.RCE!CVE-2002-0692
Policy:Win/SMB.CIFS.RCE!CAN-2005-1206
Policy:Win/SMB.NegotiateResponse.RCE!CVE-2010-0017
Policy:Win/SMB.SRV.DoS!CVE-2010-0022
Policy:Win/SMB.SRV2.DoS!CVE-2010-2552
Policy:Win/SMB.TRANS.RCE!CVE-2008-4834
Policy:Win/SMB.WINREG.InfoDisc!CAN-2002-0049
Policy:Win/SMTP.AUTH.PE!CAN-2002-0054
Policy:Win/SMTP.Client.RCE!CAN-2002-0698
Policy:Win/SMTP.DNSLookups.RCE!CAN-2004-0840
Policy:Win/SMTP.STARTTLS.InfoDisc!CVE-2010-0025
Policy:Win/TLS.Header.MITM!CVE-2009-3555
Policy:Win/WinHTTP.ServicesAPI.RCE!CVE-2009-0086
Policy:Win/WINS.WPAD.MITM!CVE-2009-0094
Policy:Win/XMLCore.Location.RCE!CVE-2006-4685
测试 NIS 签名
Test:Win/NIS.HTTP.Signature!NIS-0000-0000
Test:Win/NIS.SMB.Signature!NIS-0000-0000

kerry
发表于 2011-8-15 13:00:27 | 显示全部楼层
了解了解
kris
发表于 2011-8-15 14:08:19 | 显示全部楼层
来了解一下
吴伟宁
发表于 2011-8-15 14:50:54 | 显示全部楼层
NIS...诺顿...
hj5abc
发表于 2011-8-15 19:34:04 | 显示全部楼层
在哪里找到的..
驭龙
 楼主| 发表于 2011-8-15 19:46:53 | 显示全部楼层
hj5abc 发表于 2011-8-15 19:34
在哪里找到的..

当然是MMPC了,呵呵
http://www.microsoft.com/security/portal/Shared/NISIndex.aspx
andoyi
头像被屏蔽
发表于 2011-8-15 20:45:24 | 显示全部楼层
好长一串...NIS签名?
hj5abc
发表于 2011-8-15 21:12:59 | 显示全部楼层
zdshsls 发表于 2011-8-15 19:46
当然是MMPC了,呵呵
http://www.microsoft.com/security/portal/Shared/NISIndex.aspx

我进入MMPC的首页,但没找到有入口可以看到NIS特征
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-24 03:32 , Processed in 0.135805 second(s), 16 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表