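<!--
  Management pack AAA_MS08067_Vulnerability.
  Discovers Windows server computers and runs two timed VBScript monitors on each:
    * AAA_MS08067_Vulnerability.Version   : compares the file version of
      c:\windows\system32\netapi32.dll with a fixed threshold (configuration health).
    * AAA_MS08067_Vulnerability.Explioted : looks for an indicator file named
      basesvc.dll in two Wbem directories (availability health).
  Element IDs, including the misspelled "Explioted", are referenced by the display
  strings at the end of the pack and are kept as they are.
-->
<ManagementPack ContentReadable="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <Manifest>
    <Identity>
      <ID>AAA_MS08067_Vulnerability</ID>
      <Version>1.0.0.11</Version>
    </Identity>
    <Name>AAA_MS08067_Vulnerability</Name>
    <References>
      <Reference Alias="SC">
        <ID>Microsoft.SystemCenter.Library</ID>
        <Version>6.0.6278.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="Windows">
        <ID>Microsoft.Windows.Library</ID>
        <Version>6.0.6278.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="Health">
        <ID>System.Health.Library</ID>
        <Version>6.0.6278.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="System">
        <ID>System.Library</ID>
        <Version>6.0.6278.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
    </References>
  </Manifest>
  <TypeDefinitions>
    <EntityTypes>
      <ClassTypes>
        <!-- Hosted class that both monitors target; one instance per discovered server. -->
        <ClassType ID="AAA_MS08067_Vulnerability.Servers" Accessibility="Internal" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" />
      </ClassTypes>
    </EntityTypes>
  </TypeDefinitions>
  <Monitoring>
    <Discoveries>
      <!--
        Hourly registry discovery against every Windows server computer.
        NOTE(review): the only attribute probed is the path "SOFTWARE" with PathType 0 and
        AttributeType 0, which looks like a boolean key-existence test that every server
        passes, so the class is not restricted to the OS versions the version threshold
        below was written for. Confirm against the provider documentation.
      -->
      <Discovery ID="AAA_MS08067_Vulnerability.AAA_Server" Enabled="true" Target="Windows!Microsoft.Windows.Server.Computer" ConfirmDelivery="false" Remotable="true" Priority="Normal">
        <Category>Discovery</Category>
        <DiscoveryTypes>
          <DiscoveryClass TypeID="AAA_MS08067_Vulnerability.Servers" />
        </DiscoveryTypes>
        <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">
          <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
          <RegistryAttributeDefinitions>
            <RegistryAttributeDefinition>
              <AttributeName>IsServer</AttributeName>
              <Path>SOFTWARE</Path>
              <PathType>0</PathType>
              <AttributeType>0</AttributeType>
            </RegistryAttributeDefinition>
          </RegistryAttributeDefinitions>
          <Frequency>3600</Frequency>
          <ClassId>$MPElement[Name="AAA_MS08067_Vulnerability.Servers"]$</ClassId>
          <InstanceSettings>
            <Settings>
              <Setting>
                <Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>
                <Value>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
              </Setting>
              <Setting>
                <Name>$MPElement[Name="System!System.Entity"]/DisplayName$</Name>
                <Value>$Target/Property[Type="System!System.Entity"]/DisplayName$</Value>
              </Setting>
            </Settings>
          </InstanceSettings>
          <!-- An instance is created only when the probed attribute evaluates to "true". -->
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">Values/IsServer</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">true</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </DataSource>
      </Discovery>
    </Discoveries>
    <Monitors>
      <!--
        Version monitor: runs netapi32_Check.vbs every 3600 seconds.
        The script returns netapi32Status = NOK (mapped to Warning) or OK (mapped to Success).
      -->
      <UnitMonitor ID="AAA_MS08067_Vulnerability.Version" Accessibility="Internal" Enabled="true" Target="AAA_MS08067_Vulnerability.Servers" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.TimedScript.TwoStateMonitorType" ConfirmDelivery="false">
        <Category>ConfigurationHealth</Category>
        <OperationalStates>
          <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success" />
          <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning" />
        </OperationalStates>
        <Configuration>
          <IntervalSeconds>3600</IntervalSeconds>
          <SyncTime />
          <ScriptName>netapi32_Check.vbs</ScriptName>
          <Arguments>$Target/Property[Type="System!System.Entity"]/DisplayName$</Arguments>
          <ScriptBody><![CDATA[
' netapi32_Check.vbs
' Reports netapi32Status = "OK" only when netapi32.dll was found and its file
' version is numerically newer than the threshold. Every other outcome,
' including a failed or empty WMI query, is reported as "NOK" so that a check
' that could not run is never shown as a healthy server.

' Arbitrary event ID used for this script's own log entries.
Const CHECK_FAILED_EVENT_ID = 100
' Severity value 2 is logged as a warning by MOM.ScriptAPI.
Const EVENT_SEVERITY_WARNING = 2

Dim oArgs, strComputer, oAPI, oBag

' Exactly one argument (the display name) is required. A value that arrives
' as several arguments makes the script exit without returning a property bag.
Set oArgs = WScript.Arguments
If oArgs.Count <> 1 Then
  WScript.Quit -1
Else
  strComputer = oArgs(0)
End If

Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()

If Checknetapi32Status() Then
  Call oBag.AddValue("netapi32Status", "NOK")
Else
  Call oBag.AddValue("netapi32Status", "OK")
End If

Call oAPI.Return(oBag)

' Returns True when the file is at or below the threshold version or when its
' version could not be verified, False when it is newer than the threshold.
Function Checknetapi32Status()
  Const wbemFlagReturnImmediately = &h10
  Const wbemFlagForwardOnly = &h20
  Dim strFileVersion, strQuery, strReason
  Dim objWMIService, colItems, objItem
  Dim blnCompared, intCompare

  ' Fail closed: the result stays True until a comparison proves otherwise.
  Checknetapi32Status = True
  blnCompared = False
  strReason = ""

  ' NOTE(review): this threshold belongs to the 5.2.3790 file line. A file from
  ' another OS line with a higher major or minor version compares as newer and
  ' is reported OK whatever its patch state; per-OS thresholds are not part of
  ' this pack.
  strFileVersion = "5.2.3790.3228"
  ' The path is fixed to c:\windows; a server installed elsewhere returns no
  ' row and is reported NOK with a logged reason.
  strQuery = "SELECT * FROM CIM_DataFile where Name = 'c:\\windows\\system32\\netapi32.dll'"

  On Error Resume Next
  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  If Err.Number = 0 Then
    Set colItems = objWMIService.ExecQuery(strQuery, "WQL", _
        wbemFlagReturnImmediately + wbemFlagForwardOnly)
  End If

  If Err.Number = 0 Then
    For Each objItem In colItems
      ' Under On Error Resume Next a failed enumeration can still enter the
      ' loop body, so the error state is checked before objItem is used.
      If Err.Number <> 0 Then Exit For
      intCompare = CompareVersions(objItem.Version, strFileVersion)
      If Err.Number <> 0 Then Exit For
      blnCompared = True
      If intCompare > 0 Then
        Checknetapi32Status = False
      Else
        Checknetapi32Status = True
      End If
    Next
  End If

  If Err.Number <> 0 Then
    strReason = "error 0x" & Hex(Err.Number) & " " & Err.Description
  ElseIf Not blnCompared Then
    strReason = "the WMI query returned no file"
  End If

  If strReason <> "" Then
    Checknetapi32Status = True
    ' Record why the result is NOK so an operator can tell an unverified
    ' server from one whose file really is old.
    Call oAPI.LogScriptEvent("netapi32_Check.vbs", CHECK_FAILED_EVENT_ID, EVENT_SEVERITY_WARNING, _
        "netapi32.dll version could not be verified (" & strReason & "); reporting NOK.")
  End If
End Function

' Compares two dotted version strings component by component as numbers.
' Returns 1 when strLeft is newer, -1 when it is older, 0 when both are equal.
' Missing components count as 0. A non-numeric component raises a run-time
' error, which the caller treats as "could not verify".
' A plain string comparison is not used because it orders "10" before "5".
Function CompareVersions(strLeft, strRight)
  Dim arrLeft, arrRight, i, nLeft, nRight, nLast

  arrLeft = Split(strLeft, ".")
  arrRight = Split(strRight, ".")
  nLast = UBound(arrLeft)
  If UBound(arrRight) > nLast Then nLast = UBound(arrRight)

  CompareVersions = 0
  For i = 0 To nLast
    nLeft = 0
    nRight = 0
    If i <= UBound(arrLeft) Then nLeft = CLng(arrLeft(i))
    If i <= UBound(arrRight) Then nRight = CLng(arrRight(i))
    If nLeft <> nRight Then
      If nLeft > nRight Then CompareVersions = 1 Else CompareVersions = -1
      Exit Function
    End If
  Next
End Function
]]></ScriptBody>
          <TimeoutSeconds>60</TimeoutSeconds>
          <ErrorExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">Property[@Name='netapi32Status']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">NOK</Value>
              </ValueExpression>
            </SimpleExpression>
          </ErrorExpression>
          <SuccessExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">Property[@Name='netapi32Status']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">OK</Value>
              </ValueExpression>
            </SimpleExpression>
          </SuccessExpression>
        </Configuration>
      </UnitMonitor>
      <!--
        Indicator monitor: runs Exploited.vbs every 900 seconds.
        The script returns ExploitStatus = NOK (mapped to Error) when the indicator file
        exists in either directory, otherwise OK (mapped to Success).
      -->
      <UnitMonitor ID="AAA_MS08067_Vulnerability.Explioted" Accessibility="Internal" Enabled="true" Target="AAA_MS08067_Vulnerability.Servers" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.TimedScript.TwoStateMonitorType" ConfirmDelivery="false">
        <Category>AvailabilityHealth</Category>
        <OperationalStates>
          <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success" />
          <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error" />
        </OperationalStates>
        <Configuration>
          <IntervalSeconds>900</IntervalSeconds>
          <SyncTime />
          <ScriptName>Exploited.vbs</ScriptName>
          <Arguments>$Target/Property[Type="System!System.Entity"]/DisplayName$</Arguments>
          <ScriptBody><![CDATA[
' Exploited.vbs
' Reports ExploitStatus = "NOK" when a file named basesvc.dll exists in either
' Wbem directory below c:\windows, otherwise "OK".
' NOTE(review): presumably this file name is an indicator left behind after
' exploitation of MS08-067; confirm the source of the indicator.
' "OK" only means this one file name is absent from these two fixed paths.
' It is not evidence that the server is clean, and a match should be confirmed
' by examining the file itself.

Dim oAPI, oBag
Dim oArgs, strComputer, fso

Set fso = CreateObject("Scripting.FileSystemObject")

' Exactly one argument (the display name) is required. A value that arrives
' as several arguments makes the script exit without returning a property bag.
Set oArgs = WScript.Arguments
If oArgs.Count <> 1 Then
  WScript.Quit -1
Else
  strComputer = oArgs(0)
End If

Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()

If (fso.FileExists("c:\windows\system32\Wbem\basesvc.dll") Or fso.FileExists("c:\windows\Wbem\basesvc.dll")) Then
  Call oBag.AddValue("ExploitStatus", "NOK")
Else
  Call oBag.AddValue("ExploitStatus", "OK")
End If

Call oAPI.Return(oBag)
]]></ScriptBody>
          <TimeoutSeconds>60</TimeoutSeconds>
          <ErrorExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">Property[@Name='ExploitStatus']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">NOK</Value>
              </ValueExpression>
            </SimpleExpression>
          </ErrorExpression>
          <SuccessExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">Property[@Name='ExploitStatus']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">OK</Value>
              </ValueExpression>
            </SimpleExpression>
          </SuccessExpression>
        </Configuration>
      </UnitMonitor>
    </Monitors>
  </Monitoring>
  <Presentation>
    <Views>
      <!-- State view over the discovered server class, placed in the folder defined below. -->
      <View ID="AAA_MS08067_Vulnerability.NetAPI32Version" Accessibility="Internal" Enabled="true" Target="AAA_MS08067_Vulnerability.Servers" TypeID="SC!Microsoft.SystemCenter.StateViewType" Visible="true">
        <Category>ConfigurationHealth</Category>
        <Criteria />
      </View>
    </Views>
    <Folders>
      <Folder ID="AAA_MS08067_Vulnerability._AAA_NetAPI32Version" Accessibility="Internal" ParentFolder="SC!Microsoft.SystemCenter.Monitoring.ViewFolder.Root" />
    </Folders>
    <FolderItems>
      <FolderItem ElementID="AAA_MS08067_Vulnerability.NetAPI32Version" Folder="AAA_MS08067_Vulnerability._AAA_NetAPI32Version" />
    </FolderItems>
  </Presentation>
  <LanguagePacks>
    <LanguagePack ID="ENU" IsDefault="true">
      <DisplayStrings>
        <DisplayString ElementID="AAA_MS08067_Vulnerability">
          <Name>_AAA_MS08067_Vulnerability</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Servers">
          <Name>_AAA_MS08067_Vulnerability_Servers</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.AAA_Server">
          <Name>My Server</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Version">
          <Name>c:\windows\system32\netapi32.dll Too Old</Name>
          <Description>Warning when netapi32.dll is at or below file version 5.2.3790.3228, or when its version could not be verified.</Description>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Version" SubElementID="Error">
          <Name>Error</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Version" SubElementID="Success">
          <Name>Success</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.NetAPI32Version">
          <Name>_AAA_NetAPI32Version</Name>
          <Description />
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability._AAA_NetAPI32Version">
          <Name>_AAA_NetAPI32Version</Name>
          <Description />
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Explioted">
          <Name>_AAA_Expointed</Name>
          <Description />
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Explioted" SubElementID="Error">
          <Name>Error</Name>
        </DisplayString>
        <DisplayString ElementID="AAA_MS08067_Vulnerability.Explioted" SubElementID="Success">
          <Name>Success</Name>
        </DisplayString>
      </DisplayStrings>
    </LanguagePack>
  </LanguagePacks>
</ManagementPack>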