MSE 之网络检测系统可以保护的漏洞，点第一个链接MMPC继续更新

ELOHIM

Microsoft Malware Protection Center - Network Inspection SystemNetwork Inspection System (NIS) signatures:

• Vulnerability-based signatures
• Exploit-based signatures
• Policy-based signatures
• Test signatures
  

Vulnerability-based NIS Signatures

Vulnerability:Win/ASP.NET.RCE!CVE-2007-0042

Vulnerability:Win/ASPNET.URI.InfoDisc!CVE-2006-1300

Vulnerability:Win/CMS.URI.RCE!CVE-2007-0938

Vulnerability:Win/CommServer.AuthFilter.RCE!CAN-2002-0050

Vulnerability:Win/CommServer.ISAPI.RCE!CAN-2002-0623

Vulnerability:Win/CommerceServer.OWC.RCE!CAN-2002-0621

Vulnerability:Win/CommerceServer.ProfileService.RCE!CAN-2002-0620

Vulnerability:Win/DNS.Client.RCE!CVE-2006-3441

Vulnerability:Win/DNS.NAPTR.RCE!CVE-2011-1966

Vulnerability:Win/DotNet.ChartControl.InfoDisc!CVE-2011-1977

Vulnerability:Win/Exchange.Literal.DoS!CVE-2007-0221

Vulnerability:Win/Exchange.OWA.XSS!CVE-2008-2247

Vulnerability:Win/Explorer.FolderGUID.RCE!CVE-2006-3281

Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214

Vulnerability:Win/Forefront.UAG.XSS!CVE-2011-1897

Vulnerability:Win/HTTP.Biztalk.RCE!CAN-2003-0117

Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227

Vulnerability:Win/IE.DirectShow.RCE!CVE-2008-0015

Vulnerability:Win/IE.MaskedEdit.RCE!CVE-2008-3704

Vulnerability:Win/IE.WME.RCE!CVE-2008-3008

Vulnerability:Win/IIS.FPSE.DoS!CAN-2002-0072

Vulnerability:Win/IIS.ISAPI.RCE!CAN-2002-0150

Vulnerability:Win/IIS.Request.RCE!CVE-2005-4360

Vulnerability:Win/IIS.URL.PE!CVE-2010-2731

Vulnerability:Win/IIS.WebDav.PE!CVE-2009-1122

Vulnerability:Win/MSIE.OLEAuto32.RCE!CVE-2011-1995

Vulnerability:Win/MSIE.Redirect.RCE!CVE-2011-1262

Vulnerability:Win/MSRPC.CSNW.RCE!CVE-2006-4688

Vulnerability:Win/MSRPC.DNS.RCE!CVE-2007-1748

Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561

Vulnerability:Win/MSRPC.LLS.RCE!CAN-2005-0050

Vulnerability:Win/MSRPC.LLSLPC.RCE!CVE-2009-2523

Vulnerability:Win/MSRPC.LSASS.RCE!CAN-2003-0533

Vulnerability:Win/MSRPC.LSASS.RCE!CVE-2009-2524

Vulnerability:Win/MSRPC.Locator.RCE!CAN-2003-0003

Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119

Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2006-0034

Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059

Vulnerability:Win/MSRPC.NETDDE.RCE!CAN-2004-0206

Vulnerability:Win/MSRPC.NRPC.DoS!CVE-2010-2742

Vulnerability:Win/MSRPC.PNP.RCE!CVE-2005-1983

Vulnerability:Win/MSRPC.RASMAN.RCE!CVE-2006-2371

Vulnerability:Win/MSRPC.RPRN.RCE!CVE-2005-1984

Vulnerability:Win/MSRPC.RRAS.RCE!CVE-2006-2370

Vulnerability:Win/MSRPC.SPOOLSS.RCE!CVE-2008-1446

Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2006-3439

Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250

Vulnerability:Win/MSRPC.WKSSVC.RCE!CAN-2003-0812

Vulnerability:Win/MSRPC.WebClient.RCE!CVE-2006-0013

Vulnerability:Win/MSXML.XMLHTTP.RCE!CVE-2006-5745

Vulnerability:Win/MediaPlayer.Skin.RCE!CAN-2003-0228

Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215

Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816

Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120

Vulnerability:Win/PrintSpooler.NetShare.RCE!CVE-2009-0228

Vulnerability:Win/RDP.Web.PE!CVE-2011-1263

Vulnerability:Win/RPC.NWWKS.RCE!CVE-2006-4689

Vulnerability:Win/RPCSS.DCOM.DoS!CAN-2003-0605

Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0528

Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717

Vulnerability:Win/RPCSS.NTLMSSPAuth.DoS!CVE-2007-2228

Vulnerability:Win/RPCSS.WKSSVC.RCE!CVE-2006-4691

Vulnerability:Win/SMB.ASN1.RCE!CVE-2003-0818

Vulnerability:Win/SMB.Browser.RCE!CVE-2011-0654

Vulnerability:Win/SMB.DFS.DoS!CVE-2011-1869

Vulnerability:Win/SMB.DFS.RCE!CVE-2011-1868

Vulnerability:Win/SMB.IndexSrv.RCE!CVE-2004-0897

Vulnerability:Win/SMB.LANMAN.DoS!CAN-2002-0724

Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2010-0016

Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2011-1268

Vulnerability:Win/SMB.Pool.RCE!CVE-2010-2550

Vulnerability:Win/SMB.Protocol.DoS!CVE-2008-4114

Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696

Vulnerability:Win/SMB.Rename.RCE!CVE-2008-4038

Vulnerability:Win/SMB.RequestParsing.DoS!CVE-2011-1267

Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314

Vulnerability:Win/SMB.Server.RCE!CVE-2006-1315

Vulnerability:Win/SMB.Srv.RCE!CVE-2010-0020

Vulnerability:Win/SMB.TRANS.RCE!CVE-2006-3942

Vulnerability:Win/SMB.Trans.RCE!CVE-2008-4835

Vulnerability:Win/SMB.Transaction.RCE!CVE-2011-0661

Vulnerability:Win/SMB1.RtlCreateSecurityDescriptor.RCE!CVE-2010-0269

Vulnerability:Win/SMB2.SRV2.RCE!CVE-2009-3103

Vulnerability:Win/SMBv2.Command.RCE!CVE-2009-2532

Vulnerability:Win/SMBv2.DFS.DoS!CVE-2009-2526

Vulnerability:Win/SMTP.BDAT.DoS!CAN-2002-0055

Vulnerability:Win/SMTP.DNS.DoS!CVE-2010-0024

Vulnerability:Win/SMTP.Exchange.DoS!CAN-2002-0368

Vulnerability:Win/SMTP.Exchange.RCE!CAN-2003-0714

Vulnerability:Win/SharePoint.Layouts.RCE!CVE-2010-1264

Vulnerability:Win/Sharepoint.Calendar.XSS!CVE-2011-0653

Vulnerability:Win/Sharepoint.URL.XSS!CVE-2011-1893

Vulnerability:Win/TAPSRV.Client.RCE!CAN-2005-0058

Vulnerability:Win/UAG.Cookie.DoS!CVE-2011-2012

Vulnerability:Win/WebServer.ADFS.RCE!CVE-2009-2509

Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512

Exploit-based NIS Signatures

Exploit:Win/Browser.Shellcode.RCE!NIS-2009-0004

Exploit:Win/IE.Comctl32.RCE!CVE-2010-2746

Exploit:Win/IE.MSDAO.RCE!CVE-2011-0027

Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971

Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094

Exploit:Win/IE.MSN.RCE!CAN-2002-0155

Exploit:Win/MSIE.TSAC.RCE!CAN-2002-0726

Exploit:Win/IE.LegacyTextFormatting.RCE!CAN-2002-0647

Exploit:Win/MSIE.HelpActiveX.RCE!CAN-2002-0693

Exploit:Win/MSIE.PluginRendering.RCE!CAN-2003-0115

Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530

Exploit:Win/MSIE.TroubleShooter.RCE!CVE-2003-0662

Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420

Exploit:Win/MSIE.InstallEngine.RCE!CVE-2004-0216

Exploit:Win/MSIE.IOleClientSite.RCE!CVE-2004-1319

Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087

Exploit:Win/MSIE.COM.RCE!CAN-2005-1990

Exploit:Win/MSIE.COM.RCE!CVE-2005-2831

Exploit:Win/MSIE.MDT2DD.RCE!CVE-2006-1186

Exploit:Win/MDAC.RDS.RCE!CVE-2006-0003

Exploit:Win/FlashPlayer.LoadMovie.RCE!CVE-2006-0024

Exploit:Win/COM.ActiveX.RCE!CVE-2006-1303

Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383

Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383

Exploit:Win/COM.ActiveX.RCE!CVE-2006-3638

Exploit:Win/ActiveX.Hhctlr.RCE!CVE-2006-3357

Exploit:Win/VML.Fill.RCE!CVE-2006-4868

Exploit:Win/ActiveX.WebViewFolderIcon.RCE!CVE-2006-3730

Exploit:Win/ActiveX.Fpole.RCE!CVE-2006-4704

Exploit:Win/MSIE.VML.RCE!CVE-2007-0024

Exploit:Win/ActiveXControl.HHCtrl.DoS!CVE-2007-0214

Exploit:Win/ADODB.Connection.DoS!CVE-2006-5559

Exploit:Win/COM.ActiveX.RCE!CVE-2006-4697

Exploit:Win/COM.ActiveX.RCE!CVE-2007-0219

Exploit:Win/Agent.AgentCharactersLoad.RCE!CVE-2007-1205

Exploit:Win/COM.IME.RCE!CVE-2007-0942

Exploit:Win/WMS.MDSAuth.RCE!CVE-2007-2221

Exploit:Win/COM.CAPICOM.RCE!CVE-2007-0940

Exploit:Win/COM.URLMON.RCE!CVE-2007-0218

Exploit:Win/COM.SCM.RCE!CVE-2007-2222

Exploit:Win/MSIE.MSXML.RCE!CVE-2007-2223

Exploit:Win/VB.TBLinf32.RCE!CVE-2007-2216

Exploit:Win/VB.Pdwizard.RCE!CVE-2007-3041

Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040

Exploit:Win/MSIE.ActiveXObject.RCE!CVE-2008-1086

Exploit:Win/IE.SpeechAPI.RCE!CVE-2007-0675

Exploit:Win/MSIE.ActiveX.PE!CVE-2008-2462

Exploit:Win/MSIE.Messenger.RCE!CVE-2008-0082

Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4253

Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4254

Exploit:Win/MSIE.ChartControls.RCE!CVE-2008-4256

Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258

Exploit:Win/MSIE.ActiveX.RCE!CVE-2010-0252

Exploit:Win/IE.ActiveX.RCE!CVE-2010-3973

Exploit:Win/IIS.HelpSearch.XSS!CAN-2002-0074

Exploit:Win/DotNET.ASPState.RCE!CAN-2002-0369

Exploit:Win/SQLServer.SQLXML.RCE!CAN-2002-0186

Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719

Exploit:Win/ISA.Forms.XSS!CVE-2009-0237

Exploit:Win/IISUnicode.WebDav.PE!CVE-2009-1535

Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003

Exploit:Win/IIS.RedirectMsg.XSS!CAN-2002-0075

Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148

Exploit:Win/HTTP.Biztalk.RCE!CAN-2003-0118

Exploit:Win/IIS.IndexService.XSS!CVE-2006-0032

Exploit:Win/SharePoint.Layouts.XSS!CVE-2010-0817

Exploit:Win/MSRPC.RPRN.RCE!CVE-2010-2729

Exploit:Win/SMB.ASN1.RCE!CAN-2004-0123

Policy-based NIS Signatures

Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040

Policy:Win/ASPNET.CBC.InfoDisc!CVE-2010-3332

Policy:Win/Exchange.CDO.RCE!CVE-2005-1987

Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732

Policy:Win/ForeFront.UAG.XSS!CVE-2010-2734

Policy:Win/HTTP.FileExtension.MisConfig!CVE-2009-4444

Policy:Win/HTTP.NSIISLOG.RCE!CAN-2003-0349

Policy:Win/HTTP.Parser.DoS!NIS-2009-0006

Policy:Win/HTTP.SafeHTML1.XSS!CVE-2010-3324

Policy:Win/HTTP.SafeHTML2.XSS!CVE-2010-3324

Policy:Win/HTTP.SharpointServices.XSS!CAN-2005-0049

Policy:Win/HTTP.URL.XSS!NIS-2009-0005

Policy:Win/HTTP.URLMON.RCE!CAN-2003-0113

Policy:Win/IE.ActiveX.DoS!CVE-2010-3340

Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730

Policy:Win/MSIE.OBJ.RCE!CVE-2008-2256

Policy:Win/MSIE.SearchPath.PE!CVE-2008-2540

Policy:Win/MSIE.SearchPath.RCE!CVE-2008-2540

Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466

Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807

Policy:Win/Outlook.Header.DoS!CVE-2006-1305

Policy:Win/POP3.Outlook.RCE!CAN-2002-1255

Policy:Win/RPCSS.DCOM.RCE!CAN-2003-0352

Policy:Win/Sharepoint.SafeHTML1.XSS!CVE-2010-3243

Policy:Win/Sharepoint.SafeHTML2.XSS!CVE-2010-3243

Policy:Win/SmartHTML.Shtml.RCE!CVE-2002-0692

Policy:Win/SMB.CIFS.RCE!CAN-2005-1206

Policy:Win/SMB.NegotiateResponse.RCE!CVE-2010-0017

Policy:Win/SMB.SRV.DoS!CVE-2010-0022

Policy:Win/SMB.SRV2.DoS!CVE-2010-2552

Policy:Win/SMB.TRANS.RCE!CVE-2008-4834

Policy:Win/SMB.WINREG.InfoDisc!CAN-2002-0049

Policy:Win/SMTP.AUTH.PE!CAN-2002-0054

Policy:Win/SMTP.Client.RCE!CAN-2002-0698

Policy:Win/SMTP.DNSLookups.RCE!CAN-2004-0840

Policy:Win/SMTP.STARTTLS.InfoDisc!CVE-2010-0025

Policy:Win/TLS.Header.MITM!CVE-2009-3555

Policy:Win/WinHTTP.ServicesAPI.RCE!CVE-2009-0086

Policy:Win/WINS.WPAD.MITM!CVE-2009-0094

Policy:Win/XMLCore.Location.RCE!CVE-2006-4685

Test NIS Signatures

Test:Win/NIS.HTTP.Signature!NIS-0000-0000

Test:Win/NIS.SMB.Signature!NIS-0000-0000

ELOHIM

最后二个是在测试当中的漏洞……

hb1990521

强烈谴责刷屏

ELOHIM

hb1990521 发表于 2012-2-12 23:48
强烈谴责刷屏

没有办法呀，内容太多了。。

maximilian2012

楼主发威，连续两篇长篇，不过的确是很有价值，学习了，再次支持和感谢！

ELOHIM

maximilian2012 发表于 2012-2-13 09:21
楼主发威，连续两篇长篇，不过的确是很有价值，学习了，再次支持和感谢！

这些内容只不过都是转载而已……只是想让更多人的知道MSE可以阻止的漏洞~~

maomao110

不知道这个是干什么的

ELOHIM

maomao110 发表于 2012-2-13 11:51
不知道这个是干什么的

就是MSE的nis网络检测系统可以保护的漏洞行为有哪些~

yestersummer

windows还是要靠update的，否则就真漏了！

ELOHIM

yestersummer 发表于 2012-2-13 14:24
windows还是要靠update的，否则就真漏了！

是的，金无足赤，人无完人嘛！~

只要有固定的更新时间就是对的。