Intrusion Prevention

MS.Windows.Update.Spoofing

Description

This signature detects a DNS spoof attempt that redirects a request for windowsupdate.microsoft.com to a malicious server. This could be used as a compound attack, attempting to convince a user to download a malicious executable.

Affected Products

Any Microsoft Windows version.

Impact

Download a malicious executable.

Recommended Actions

N/A