MS.Windows.Update.Spoofing
Description
This signature detects a DNS spoof attempt that redirects a request for windowsupdate.microsoft.com to a malicious server. This could be used as a compound attack, attempting to convince a user to download a malicious executable.
Affected Products
Any Microsoft Windows version.
Impact
Download a malicious executable.
Recommended Actions
N/A
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |