Last active
July 15, 2020 18:36
-
-
Save darkpixel/549237f9ab8de57165d76762304a530a to your computer and use it in GitHub Desktop.
PDQ Inventory collections for detecting CVE-2020-1350 DNS vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="utf-8"?> | |
<AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="19.0.40.0" MinimumVersion="4.0"> | |
<Collection> | |
<ReportDefinition name="Definition"> | |
<RootFilter name="Filter"> | |
<Comparison>All</Comparison> | |
<Filters type="list"> | |
<ValueFilter> | |
<Table>Service</Table> | |
<Column>Name</Column> | |
<Comparison>Equals</Comparison> | |
<Value>dns</Value> | |
</ValueFilter> | |
</Filters> | |
</RootFilter> | |
<ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName> | |
<Columns type="list"> | |
<Column> | |
<Column>ComputerId</Column> | |
<Summary></Summary> | |
<Table>Computer</Table> | |
<Title></Title> | |
</Column> | |
</Columns> | |
</ReportDefinition> | |
<IsDrilldown value="true" /> | |
<ImportedPath></ImportedPath> | |
<TypeName>DynamicCollection</TypeName> | |
<Created>2020-07-15T08:16:03.0000000-07:00</Created> | |
<Description></Description> | |
<Error></Error> | |
<Id value="1310" /> | |
<IsEnabled value="true" /> | |
<Modified>2020-07-15T08:16:20.0000000-07:00</Modified> | |
<Name>DNS Servers</Name> | |
<ParentId value="null" /> | |
<Path>DNS Servers</Path> | |
<Type>DynamicCollection</Type> | |
<Children type="list"> | |
<Collection> | |
<ReportDefinition name="Definition"> | |
<RootFilter name="Filter"> | |
<Comparison>Any</Comparison> | |
<Filters type="list"> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4558998</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565483</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565503</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565511</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565524</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565529</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565535</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565536</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565537</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565539</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565540</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565541</Value> | |
</ValueFilter> | |
</Filters> | |
</RootFilter> | |
<ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName> | |
<Columns type="list"> | |
<Column> | |
<Column>ComputerId</Column> | |
<Summary></Summary> | |
<Table>Computer</Table> | |
<Title></Title> | |
</Column> | |
</Columns> | |
</ReportDefinition> | |
<IsDrilldown value="true" /> | |
<ImportedPath></ImportedPath> | |
<TypeName>DynamicCollection</TypeName> | |
<Created>2020-07-15T08:16:04.0000000-07:00</Created> | |
<Description></Description> | |
<Error></Error> | |
<Id value="1312" /> | |
<IsEnabled value="true" /> | |
<Modified>2020-07-15T08:19:16.0000000-07:00</Modified> | |
<Name>CVE-2020-1350 Patched</Name> | |
<ParentId value="1310" /> | |
<Path>DNS Servers\CVE-2020-1350 Patched</Path> | |
<Type>DynamicCollection</Type> | |
<Children type="list" /> | |
</Collection> | |
<Collection> | |
<ReportDefinition name="Definition"> | |
<RootFilter name="Filter"> | |
<Comparison>All</Comparison> | |
<Filters type="list"> | |
<GroupFilter> | |
<Comparison>NotAny</Comparison> | |
<Filters type="list"> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4558998</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565483</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565503</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565511</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565524</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565529</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565535</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565536</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565537</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565539</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565540</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>HotFix</Table> | |
<TableTitle>Hot Fix</TableTitle> | |
<Column>Name</Column> | |
<Comparison>Contains</Comparison> | |
<Value>KB4565541</Value> | |
</ValueFilter> | |
</Filters> | |
</GroupFilter> | |
<GroupFilter> | |
<Comparison>NotAll</Comparison> | |
<Filters type="list"> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Hive</Column> | |
<Comparison>Equals</Comparison> | |
<Value>HKEY_LOCAL_MACHINE</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>PathName</Column> | |
<Comparison>Equals</Comparison> | |
<Value>SYSTEM\CurrentControlSet\Services\DNS\Parameters</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Name</Column> | |
<Comparison>Equals</Comparison> | |
<Value>TcpReceivePacketSize</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Value</Column> | |
<Comparison>Equals</Comparison> | |
<Value>65280</Value> | |
</ValueFilter> | |
</Filters> | |
</GroupFilter> | |
</Filters> | |
</RootFilter> | |
<ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName> | |
<Columns type="list"> | |
<Column> | |
<Column>ComputerId</Column> | |
<Summary></Summary> | |
<Table>Computer</Table> | |
<Title></Title> | |
</Column> | |
</Columns> | |
</ReportDefinition> | |
<IsDrilldown value="true" /> | |
<ImportedPath></ImportedPath> | |
<TypeName>DynamicCollection</TypeName> | |
<Created>2020-07-15T08:16:04.0000000-07:00</Created> | |
<Description></Description> | |
<Error></Error> | |
<Id value="1313" /> | |
<IsEnabled value="true" /> | |
<Modified>2020-07-15T08:25:00.0000000-07:00</Modified> | |
<Name>CVE-2020-1350 Vulnerable</Name> | |
<ParentId value="1310" /> | |
<Path>DNS Servers\CVE-2020-1350 Vulnerable</Path> | |
<Type>DynamicCollection</Type> | |
<Children type="list" /> | |
</Collection> | |
<Collection> | |
<ReportDefinition name="Definition"> | |
<RootFilter name="Filter"> | |
<Comparison>All</Comparison> | |
<Filters type="list"> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Hive</Column> | |
<Comparison>Equals</Comparison> | |
<Value>HKEY_LOCAL_MACHINE</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>PathName</Column> | |
<Comparison>Equals</Comparison> | |
<Value>SYSTEM\CurrentControlSet\Services\DNS\Parameters</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Name</Column> | |
<Comparison>Equals</Comparison> | |
<Value>TcpReceivePacketSize</Value> | |
</ValueFilter> | |
<ValueFilter> | |
<Table>Registry</Table> | |
<Column>Value</Column> | |
<Comparison>Equals</Comparison> | |
<Value>65280</Value> | |
</ValueFilter> | |
</Filters> | |
</RootFilter> | |
<ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName> | |
<Columns type="list"> | |
<Column> | |
<Column>ComputerId</Column> | |
<Summary></Summary> | |
<Table>Computer</Table> | |
<Title></Title> | |
</Column> | |
</Columns> | |
</ReportDefinition> | |
<IsDrilldown value="true" /> | |
<ImportedPath></ImportedPath> | |
<TypeName>DynamicCollection</TypeName> | |
<Created>2020-07-15T08:16:04.0000000-07:00</Created> | |
<Description></Description> | |
<Error></Error> | |
<Id value="1314" /> | |
<IsEnabled value="true" /> | |
<Modified>2020-07-15T08:16:04.0000000-07:00</Modified> | |
<Name>CVE-2020-1350 Remediated</Name> | |
<ParentId value="1310" /> | |
<Path>DNS Servers\CVE-2020-1350 Remediated</Path> | |
<Type>DynamicCollection</Type> | |
<Children type="list" /> | |
</Collection> | |
</Children> | |
</Collection> | |
</AdminArsenal.Export> |
Removed accidentally included collection for detecting GSPS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I also created a PDQ Deploy package to remediate the issue via the Registry fix: https://gist.github.com/darkpixel/f638b1827b41b4e530a86854223f70fa