本升级包为入侵防护特征库升级包，仅支持在固件版本5.6R10F00之上，引擎版本5.6R10F00及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变，规则版本变为5.6.10.19827。该升级包新增/改进的规则有: 新增规则: 1. 攻击[24426]:RavenDB 4.1.4 跨站脚本攻击 2. 攻击[41654]:Linux watchdogs挖矿病毒恶意文件下载 3. 攻击[49027]:watchdogs挖矿木马DNS通信 4. 攻击[49026]:恶意程序windows/Brushaloader_a网络通信 5. 攻击[24427]:Video Downloader 和 Video Downloader Plus 谷歌Chrome浏览器扩展程序UXSS漏洞 6. 攻击[24428]:Drupal 8.6.9 REST 远程代码执行漏洞 7. 攻击[24429]:Windows Vista RSS Feeds Gadget 跨站点脚本漏洞(CVE-2007-3033) 8. 攻击[30716]:Chrome打开pdf文件信息泄露漏洞 9. 攻击[41655]:"驱动人生"下载器木马通信 10. 攻击[24430]:Microsoft Windows DHCP 服务代码执行(CVE-2019-0626) 11. 攻击[30717]:NTPsec ntpd process_control越界读取漏洞(CVE-2019-6444) 更新规则: 1. 攻击[21412]:Microsoft Internet Explorer WebViewFolderIcon "setSlice"整数溢出漏洞(CVE-2006-3730) 2. 攻击[61636]:Oracle BEA Weblogic Server console-help.portal XSS漏洞(CVE-2009-1975) 3. 攻击[20074]:Quiksoft EasyMail SMTP ActiveX控件远程栈缓冲区溢出漏洞 4. 攻击[62397]:Microsoft Internet Explorer语音控制对象内存破坏漏洞(CVE-2007-2222) 5. 攻击[62400]:Microsoft CAPICOM ActiveX控件远程代码执行漏洞（MS07-028） 6. 攻击[61780]:GNU Mailman附件正规化器UTF8文件名拒绝服务漏洞 7. 攻击[62776]:ebCrypt ActiveX控件任意文件覆盖及拒绝服务漏洞 8. 攻击[62788]:Microsoft Internet Explorer Sysmon拒绝服务漏洞 9. 攻击[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts拒绝服务漏洞 10. 攻击[62754]:Microsoft Internet Explorer Applet文件路径拒绝服务漏洞 11. 攻击[20310]:Sendmail 8.12 邮件头处理远程缓冲区溢出攻击 12. 攻击[62408]:Apple WebKit WebCore 远程拒绝服务漏洞 13. 攻击[62409]:Microsoft Internet Explorer浏览器弹出窗口对象类型验证漏洞(MS03-040) 14. 攻击[62051]:iLife Photocast XML标题格式串漏洞 15. 攻击[62260]:Microsoft Excel日历对象验证内存破坏漏洞 16. 攻击[62468]:Oracle 9i HTTP服务器 OWA_UTIL存储过程信息泄露漏洞 17. 攻击[62283]:Internet Explorer 6 权限和访问控制漏洞 18. 攻击[24428]:Drupal 8.6.9 REST 远程代码执行漏洞（CVE-2019-6340） 19. 攻击[62287]:Microsoft Internet Explorer脚本操作处理器缓冲区溢出漏洞(MS06-013) 20. 攻击[24315]:Zoho ManageEngine OpManager FailOverHelperServlet跨站点脚本（CVE-2018-12998） 21. 攻击[62290]:Microsoft Windows 2000 TroubleShooter ActiveX控件缓冲区溢出漏洞 22. 攻击[20344]:Microsoft IIS 5.0 WebDAV远程缓冲区溢出攻击 23. 攻击[62293]:Microsoft Internet Explorer临时互联网文件文件夹访问漏洞 24. 攻击[62314]:Apple Safari for Windows协议处理命令注入漏洞 25. 攻击[62358]:Microsoft Windows Media Player插件缓冲区溢出漏洞(MS06-006) 26. 攻击[62368]:Microsoft PowerPoint列表值解析代码执行漏洞(MS08-051) 27. 攻击[62370]:Microsoft Windows WinHlp项目缓冲区溢出漏洞(http) 28. 攻击[62372]:Microsoft Vista侧栏联系人及天气小工具远程代码执行漏洞（MS07-048） 29. 攻击[62375]:Mozilla Firefox远程任意命令执行漏洞 30. 攻击[62376]:Microsoft Internet Explorer MSXML3竞争条件内存破坏漏洞(MS08-069) 31. 攻击[62485]:CUPS处理"/.."请求时逻辑错误远程拒绝服务漏洞 32. 攻击[62377]:Microsoft Windows Media Format运行时库远程任意指令执行漏洞 33. 攻击[62395]:Microsoft Internet Explorer COM对象实例化代码执行漏洞(MS06-021) 34. 攻击[61275]:Microsoft Internet Explorer事件处理跨域安全绕过漏洞(CVE-2008-3474) 35. 攻击[61302]:Firefox JavaScript: favicons代码插入执行漏洞 36. 攻击[61372]:uTorrent Torrent文件处理远程缓冲区溢出漏洞 37. 攻击[61374]:Apple Mac OS X Terminal x-man-path URI任意命令注入漏洞 38. 攻击[61476]:Altnet Download Manager ActiveX控件缓冲区溢出漏洞 39. 攻击[61552]:Microsoft Office PowerPoint遗留文件格式漏洞（client） 40. 攻击[61555]:Microsoft PowerPoint PP7X32.DLL库多个栈溢出漏洞（MS09-017） 41. 攻击[61559]:Microsoft PowerPoint Notes容器堆溢出漏洞（MS09-017） 42. 攻击[61560]:Microsoft Office PowerPoint数据越界漏洞 43. 攻击[20418]:Microsoft PCT协议远程缓冲区溢出攻击 44. 攻击[49022]:恶意病毒程序永恒之石DNS请求连接（EternalRocks） 注意事项: 1. 该升级包升级后引擎自动重启生效，不会造成会话中断，但ping包会丢3~5个，请选择合适的时间升级.

NSFOCUS NIDS/NIPS product signature upgrade package, depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.19827. This package include changed rules: new rules: 1. threat[24426]:RavenDB 4.1.4 Cross Site Scripting 2. threat[41654]:Miner Linux watchdogs Downloading Malicious Programs 3. threat[49027]:Watchdogs mining trojan DNS communication 4. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications 5. threat[24427]:Video Downloader and Video Downloader Plus Chrome Extension UXSS Vulnerability 6. threat[24428]:Drupal 8.6.9 REST Remote Code Execution 7. threat[24429]:Windows Vista RSS Feeds Gadget Cross Site Scripting Vulnerability(CVE-2007-3033) 8. threat[30716]:Chrome opens pdf file information disclosure Vulnerability 9. threat[41655]:"Driver Talent" Downloader Trojan Communication 10. threat[24430]:Microsoft Windows DHCP Server Code Execution(CVE-2019-0626) 11. threat[30717]:NTPsec ntpd process_control Out of Bounds Read Vulnerability(CVE-2019-6444) update rules: 1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon setSlice Integer Overflow Vulnerability(CVE-2006-3730) 2. threat[61636]:Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting Vulnerability(CVE-2009-1975) 3. threat[20074]:Quiksoft EasyMail SMTP ActiveX Controls Remote Stack Buffer Overflow Vulnerability 4. threat[62397]:Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability(CVE-2007-2222) 5. threat[62400]:CAPICOM.Certificates ActiveX Control Remote Code Execution 6. threat[61780]:GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability 7. threat[62776]:EBCRYPT ActiveX Denial of Service Vulnerability 8. threat[62788]:Microsoft Internet Explorer Sysmon Denial of Service Vulnerability 9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability 10. threat[62754]:Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability 11. threat[20310]:Sendmail 8.12 Mail Header Handling Remote Buffer Overflow 12. threat[62408]:Apple Webkit HTML Parsing Rowspan Denial of Service 13. threat[62409]:Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability(MS03-040) 14. threat[62051]:iLife Photocast XML Title Format String Vulnerability 15. threat[62260]:Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability 16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL Stored Procedures Information Disclosure Vulnerability 17. threat[62283]:Microsoft Internet Explorer File Upload Keystroke Hijack 18. threat[24428]:Drupal 8.6.9 REST Remote Code Execution(CVE-2019-6340) 19. threat[62287]:Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability(MS06-013) 20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting(CVE-2018-12998) 21. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability 22. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow 23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability 24. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability 25. threat[62358]:Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability(MS06-006) 26. threat[62368]:Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability(MS08-051) 27. threat[62370]:Microsoft Windows WinHlp Item Buffer Overflow Vulnerability(http) 28. threat[62372]:Windows Vista Contacts Gadget Remote Code Execution Vulnerability 29. threat[62375]:Mozilla Firefox Remote Arbitrary Commands Execution Vulnerability 30. threat[62376]:Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability(MS08-069) 31. threat[62485]:CUPS Malformed Directory Traversal HTTP Request DOS 32. threat[62377]:Microsoft Windows Media Format Runngingtime Remote Code Execution Exploition 33. threat[62395]:Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability(MS06-021) 34. threat[61275]:Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability(CVE-2008-3474) 35. threat[61302]:Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability 36. threat[61372]:uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability 37. threat[61374]:Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability 38. threat[61476]:Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability 39. threat[61552]:Microsoft Office PowerPoint Legacy File Format Vulnerability(client) 40. threat[61555]:Microsoft Office PowerPoint Memory Corruption Vulnerability（MS09-017） 41. threat[61559]:Microsoft Office PowerPoint Heap Corruption Vulnerability 42. threat[61560]:Microsoft Office PowerPoint Data Out of Bounds Vulnerability 43. threat[20418]:Microsoft PCT Protocol Remote Buffer Overflow 44. threat[49022]:Malware Eternal Stone DNS request connection Announcements: 1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.