[General topics] Complete signature database information for the MSE Network Inspection System

驭龙
Posted on 2011-8-15 12:51:13
This post was last edited by zdshsls on 2011-8-15 12:55

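Today I came across the detailed information on the signature database of MSE's Network Inspection System. It covers every vulnerability the Network Inspection System can block, so I'm sharing it with everyone.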



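What is Network Inspection System (NIS)?
Network Inspection System (NIS) is a feature of Forefront Threat Management Gateway 2010 that narrows the window of opportunity for exploiting software vulnerabilities between vulnerability disclosure and patch deployment. This is done by creating and deploying NIS signatures that detect exploitation attempts. NIS signatures are available through the Microsoft Update server.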

Where can I get a complete list of the available NIS signatures?
An index of all currently available NIS signatures.

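What do the different severity ratings in NIS descriptions mean?
NIS writeups have four possible severity ratings:
  • Critical - refers to a vulnerability whose exploitation could allow an Internet worm to propagate without user action
  • Important - refers to a vulnerability whose exploitation could compromise the confidentiality, integrity or availability of users' data, or the integrity or availability of processing resources
  • Moderate - refers to a vulnerability whose exploitability is reduced to a large degree by factors such as default configuration, auditing or difficulty of exploitation
  • Low - refers to a vulnerability whose exploitation is extremely difficult, or whose impact is minimal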


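What are the different types of NIS signatures?
There are three types of NIS signatures:
  • Vulnerability-based - refers to signatures based on the vulnerability. These signatures will detect most variants of exploits against a given vulnerability.
  • Exploit-based - refers to exploit-specific signatures. These signatures will detect a specific exploit of a given vulnerability.
  • Policy-based - refers to signatures that are generally used for auditing purposes and are developed when neither a vulnerability-based nor an exploit-based signature can be written.
  • Test-based - refers to signatures that are generally used to test NIS functionality. They are typically used by customers to confirm that NIS is actively inspecting network traffic and alerting according to policy.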


What does "Authentication Required" mean in NIS descriptions?
Authentication Required describes whether or not an attacker needs to authenticate before exploiting a given vulnerability.

What does "Signature Detections" mean in NIS descriptions?
Signature Detections gives the number of detections for a specific NIS signature, based on telemetry data.

Microsoft Malware Protection Center - Network Inspection System
Network Inspection System (NIS) signatures:
Vulnerability-based NIS signatures
Vulnerability:Win/ASP.NET.RCE!CVE-2007-0042
Vulnerability:Win/ASPNET.URI.InfoDisc!CVE-2006-1300
Vulnerability:Win/CMS.URI.RCE!CVE-2007-0938
Vulnerability:Win/CommerceServer.OWC.RCE!CAN-2002-0621
Vulnerability:Win/CommerceServer.ProfileService.RCE!CAN-2002-0620
Vulnerability:Win/CommServer.AuthFilter.RCE!CAN-2002-0050
Vulnerability:Win/CommServer.ISAPI.RCE!CAN-2002-0623
Vulnerability:Win/DNS.Client.RCE!CVE-2006-3441
Vulnerability:Win/Exchange.Literal.DoS!CVE-2007-0221
Vulnerability:Win/Exchange.OWA.XSS!CVE-2008-2247
Vulnerability:Win/Explorer.FolderGUID.RCE!CVE-2006-3281
Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214
Vulnerability:Win/HTTP.Biztalk.RCE!CAN-2003-0117
Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227
Vulnerability:Win/IE.DirectShow.RCE!CVE-2008-0015
Vulnerability:Win/IE.MaskedEdit.RCE!CVE-2008-3704
Vulnerability:Win/IE.WME.RCE!CVE-2008-3008
Vulnerability:Win/IIS.FPSE.DoS!CAN-2002-0072
Vulnerability:Win/IIS.ISAPI.RCE!CAN-2002-0150
Vulnerability:Win/IIS.Request.RCE!CVE-2005-4360
Vulnerability:Win/IIS.URL.PE!CVE-2010-2731
Vulnerability:Win/IIS.WebDav.PE!CVE-2009-1122
Vulnerability:Win/MediaPlayer.Skin.RCE!CAN-2003-0228
Vulnerability:Win/MSIE.Redirect.RCE!CVE-2011-1262
Vulnerability:Win/MSRPC.CSNW.RCE!CVE-2006-4688
Vulnerability:Win/MSRPC.DNS.RCE!CVE-2007-1748
Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561
Vulnerability:Win/MSRPC.LLS.RCE!CAN-2005-0050
Vulnerability:Win/MSRPC.LLSLPC.RCE!CVE-2009-2523
Vulnerability:Win/MSRPC.Locator.RCE!CAN-2003-0003
Vulnerability:Win/MSRPC.LSASS.RCE!CAN-2003-0533
Vulnerability:Win/MSRPC.LSASS.RCE!CVE-2009-2524
Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119
Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2006-0034
Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059
Vulnerability:Win/MSRPC.NETDDE.RCE!CAN-2004-0206
Vulnerability:Win/MSRPC.NRPC.DoS!CVE-2010-2742
Vulnerability:Win/MSRPC.PNP.RCE!CVE-2005-1983
Vulnerability:Win/MSRPC.RASMAN.RCE!CVE-2006-2371
Vulnerability:Win/MSRPC.RPRN.RCE!CVE-2005-1984
Vulnerability:Win/MSRPC.RRAS.RCE!CVE-2006-2370
Vulnerability:Win/MSRPC.SPOOLSS.RCE!CVE-2008-1446
Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2006-3439
Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250
Vulnerability:Win/MSRPC.WebClient.RCE!CVE-2006-0013
Vulnerability:Win/MSRPC.WKSSVC.RCE!CAN-2003-0812
Vulnerability:Win/MSXML.XMLHTTP.RCE!CVE-2006-5745
Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215
Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816
Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120
Vulnerability:Win/PrintSpooler.NetShare.RCE!CVE-2009-0228
Vulnerability:Win/RPC.NWWKS.RCE!CVE-2006-4689
Vulnerability:Win/RPCSS.DCOM.DoS!CAN-2003-0605
Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0528
Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717
Vulnerability:Win/RPCSS.NTLMSSPAuth.DoS!CVE-2007-2228
Vulnerability:Win/RPCSS.WKSSVC.RCE!CVE-2006-4691
Vulnerability:Win/SharePoint.Layouts.RCE!CVE-2010-1264
Vulnerability:Win/SMB.ASN1.RCE!CVE-2003-0818
Vulnerability:Win/SMB.Browser.RCE!CVE-2011-0654
Vulnerability:Win/SMB.DFS.DoS!CVE-2011-1869
Vulnerability:Win/SMB.DFS.RCE!CVE-2011-1868
Vulnerability:Win/SMB.IndexSrv.RCE!CVE-2004-0897
Vulnerability:Win/SMB.LANMAN.DoS!CAN-2002-0724
Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2010-0016
Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2011-1268
Vulnerability:Win/SMB.Pool.RCE!CVE-2010-2550
Vulnerability:Win/SMB.Protocol.DoS!CVE-2008-4114
Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696
Vulnerability:Win/SMB.Rename.RCE!CVE-2008-4038
Vulnerability:Win/SMB.RequestParsing.DoS!CVE-2011-1267
Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314
Vulnerability:Win/SMB.Server.RCE!CVE-2006-1315
Vulnerability:Win/SMB.Srv.RCE!CVE-2010-0020
Vulnerability:Win/SMB.TRANS.RCE!CVE-2006-3942
Vulnerability:Win/SMB.Trans.RCE!CVE-2008-4835
Vulnerability:Win/SMB.Transaction.RCE!CVE-2011-0661
Vulnerability:Win/SMB1.RtlCreateSecurityDescriptor.RCE!CVE-2010-0269
Vulnerability:Win/SMB2.SRV2.RCE!CVE-2009-3103
Vulnerability:Win/SMBv2.Command.RCE!CVE-2009-2532
Vulnerability:Win/SMBv2.DFS.DoS!CVE-2009-2526
Vulnerability:Win/SMTP.BDAT.DoS!CAN-2002-0055
Vulnerability:Win/SMTP.DNS.DoS!CVE-2010-0024
Vulnerability:Win/SMTP.Exchange.DoS!CAN-2002-0368
Vulnerability:Win/SMTP.Exchange.RCE!CAN-2003-0714
Vulnerability:Win/TAPSRV.Client.RCE!CAN-2005-0058
Vulnerability:Win/WebServer.ADFS.RCE!CVE-2009-2509
Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512
Vulnerability:Win/DNS.NAPTR.RCE!CVE-2011-1966
Vulnerability:Win/DotNet.ChartControl.InfoDisc!CVE-2011-1977
Vulnerability:Win/RDP.Web.PE!CVE-2011-1263
驭龙
Original poster | Posted on 2011-8-15 12:51:48
Exploit-based NIS signatures
Exploit:Win/Browser.Shellcode.RCE!NIS-2009-0004
Exploit:Win/IE.Comctl32.RCE!CVE-2010-2746
Exploit:Win/IE.MSDAO.RCE!CVE-2011-0027
Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971
Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094
Exploit:Win/IE.MSN.RCE!CAN-2002-0155
Exploit:Win/MSIE.TSAC.RCE!CAN-2002-0726
Exploit:Win/IE.LegacyTextFormatting.RCE!CAN-2002-0647
Exploit:Win/MSIE.HelpActiveX.RCE!CAN-2002-0693
Exploit:Win/MSIE.PluginRendering.RCE!CAN-2003-0115
Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530
Exploit:Win/MSIE.TroubleShooter.RCE!CVE-2003-0662
Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420
Exploit:Win/MSIE.InstallEngine.RCE!CVE-2004-0216
Exploit:Win/MSIE.IOleClientSite.RCE!CVE-2004-1319
Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087
Exploit:Win/MSIE.COM.RCE!CAN-2005-1990
Exploit:Win/MSIE.COM.RCE!CVE-2005-2831
Exploit:Win/MSIE.MDT2DD.RCE!CVE-2006-1186
Exploit:Win/MDAC.RDS.RCE!CVE-2006-0003
Exploit:Win/FlashPlayer.LoadMovie.RCE!CVE-2006-0024
Exploit:Win/COM.ActiveX.RCE!CVE-2006-1303
Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383
Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383
Exploit:Win/COM.ActiveX.RCE!CVE-2006-3638
Exploit:Win/ActiveX.Hhctlr.RCE!CVE-2006-3357
Exploit:Win/VML.Fill.RCE!CVE-2006-4868
Exploit:Win/ActiveX.WebViewFolderIcon.RCE!CVE-2006-3730
Exploit:Win/ActiveX.Fpole.RCE!CVE-2006-4704
Exploit:Win/MSIE.VML.RCE!CVE-2007-0024
Exploit:Win/ActiveXControl.HHCtrl.DoS!CVE-2007-0214
Exploit:Win/ADODB.Connection.DoS!CVE-2006-5559
Exploit:Win/COM.ActiveX.RCE!CVE-2006-4697
Exploit:Win/COM.ActiveX.RCE!CVE-2007-0219
Exploit:Win/Agent.AgentCharactersLoad.RCE!CVE-2007-1205
Exploit:Win/COM.IME.RCE!CVE-2007-0942
Exploit:Win/WMS.MDSAuth.RCE!CVE-2007-2221
Exploit:Win/COM.CAPICOM.RCE!CVE-2007-0940
Exploit:Win/COM.URLMON.RCE!CVE-2007-0218
Exploit:Win/COM.SCM.RCE!CVE-2007-2222
Exploit:Win/MSIE.MSXML.RCE!CVE-2007-2223
Exploit:Win/VB.TBLinf32.RCE!CVE-2007-2216
Exploit:Win/VB.Pdwizard.RCE!CVE-2007-3041
Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040
Exploit:Win/MSIE.ActiveXObject.RCE!CVE-2008-1086
Exploit:Win/IE.SpeechAPI.RCE!CVE-2007-0675
Exploit:Win/MSIE.ActiveX.PE!CVE-2008-2462
Exploit:Win/MSIE.Messenger.RCE!CVE-2008-0082
Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4253
Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4254
Exploit:Win/MSIE.ChartControls.RCE!CVE-2008-4256
Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258
Exploit:Win/MSIE.ActiveX.RCE!CVE-2010-0252
Exploit:Win/IE.ActiveX.RCE!CVE-2010-3973
Exploit:Win/IIS.HelpSearch.XSS!CAN-2002-0074
Exploit:Win/DotNET.ASPState.RCE!CAN-2002-0369
Exploit:Win/SQLServer.SQLXML.RCE!CAN-2002-0186
Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719
Exploit:Win/ISA.Forms.XSS!CVE-2009-0237
Exploit:Win/IISUnicode.WebDav.PE!CVE-2009-1535
Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003
Exploit:Win/IIS.RedirectMsg.XSS!CAN-2002-0075
Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148
Exploit:Win/HTTP.Biztalk.RCE!CAN-2003-0118
Exploit:Win/IIS.IndexService.XSS!CVE-2006-0032
Exploit:Win/SharePoint.Layouts.XSS!CVE-2010-0817
Exploit:Win/MSRPC.RPRN.RCE!CVE-2010-2729
Exploit:Win/SMB.ASN1.RCE!CAN-2004-0123
Policy-based NIS signatures
Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040
Policy:Win/ASPNET.CBC.InfoDisc!CVE-2010-3332
Policy:Win/Exchange.CDO.RCE!CVE-2005-1987
Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732
Policy:Win/ForeFront.UAG.XSS!CVE-2010-2734
Policy:Win/HTTP.FileExtension.MisConfig!CVE-2009-4444
Policy:Win/HTTP.NSIISLOG.RCE!CAN-2003-0349
Policy:Win/HTTP.Parser.DoS!NIS-2009-0006
Policy:Win/HTTP.SafeHTML1.XSS!CVE-2010-3324
Policy:Win/HTTP.SafeHTML2.XSS!CVE-2010-3324
Policy:Win/HTTP.SharpointServices.XSS!CAN-2005-0049
Policy:Win/HTTP.URL.XSS!NIS-2009-0005
Policy:Win/HTTP.URLMON.RCE!CAN-2003-0113
Policy:Win/IE.ActiveX.DoS!CVE-2010-3340
Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730
Policy:Win/MSIE.OBJ.RCE!CVE-2008-2256
Policy:Win/MSIE.SearchPath.PE!CVE-2008-2540
Policy:Win/MSIE.SearchPath.RCE!CVE-2008-2540
Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466
Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807
Policy:Win/Outlook.Header.DoS!CVE-2006-1305
Policy:Win/POP3.Outlook.RCE!CAN-2002-1255
Policy:Win/RPCSS.DCOM.RCE!CAN-2003-0352
Policy:Win/Sharepoint.SafeHTML1.XSS!CVE-2010-3243
Policy:Win/Sharepoint.SafeHTML2.XSS!CVE-2010-3243
Policy:Win/SmartHTML.Shtml.RCE!CVE-2002-0692
Policy:Win/SMB.CIFS.RCE!CAN-2005-1206
Policy:Win/SMB.NegotiateResponse.RCE!CVE-2010-0017
Policy:Win/SMB.SRV.DoS!CVE-2010-0022
Policy:Win/SMB.SRV2.DoS!CVE-2010-2552
Policy:Win/SMB.TRANS.RCE!CVE-2008-4834
Policy:Win/SMB.WINREG.InfoDisc!CAN-2002-0049
Policy:Win/SMTP.AUTH.PE!CAN-2002-0054
Policy:Win/SMTP.Client.RCE!CAN-2002-0698
Policy:Win/SMTP.DNSLookups.RCE!CAN-2004-0840
Policy:Win/SMTP.STARTTLS.InfoDisc!CVE-2010-0025
Policy:Win/TLS.Header.MITM!CVE-2009-3555
Policy:Win/WinHTTP.ServicesAPI.RCE!CVE-2009-0086
Policy:Win/WINS.WPAD.MITM!CVE-2009-0094
Policy:Win/XMLCore.Location.RCE!CVE-2006-4685
Test NIS signatures
Test:Win/NIS.HTTP.Signature!NIS-0000-0000
Test:Win/NIS.SMB.Signature!NIS-0000-0000

kerry
Posted on 2011-8-15 13:00:27
Good to know.
kris
Posted on 2011-8-15 14:08:19
Just here to learn about it.
吴伟宁
Posted on 2011-8-15 14:50:54
NIS... Norton...
hj5abc
Posted on 2011-8-15 19:34:04
Where did you find it..
驭龙
Original poster | Posted on 2011-8-15 19:46:53
hj5abc posted on 2011-8-15 19:34
Where did you find it..

From MMPC, of course, haha
http://www.microsoft.com/security/portal/Shared/NISIndex.aspx
andoyi
Posted on 2011-8-15 20:45:24
What a long list... NIS signatures?
hj5abc
Posted on 2011-8-15 21:12:59
zdshsls posted on 2011-8-15 19:46
From MMPC, of course, haha
http://www.microsoft.com/security/portal/Shared/NISIndex.aspx

I went to the MMPC home page, but couldn't find any entry point for viewing the NIS signatures.