One Article Review
| Source |  TrendLabs Security |
|---|---|
| Identifiant | 433292 |
| Date de publication | 2017-11-15 10:00:45 (vue: 2017-11-15 10:00:45) |
| Titre | November\'s Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange |
| Texte | Microsoft rolled out fixes for over 50 security issues in this month's Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature. Abusing DDE isn't new, but the method has made a resurgence with reports of cyberespionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads. Post from: Trendlabs Security Intelligence Blog - by Trend Micro November's Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange |
| Notes | |
| Envoyé | Oui |
| Condensat | abusing advisory against also asp attacks blog browsing bugs but chakra core cover cybercriminal cyberespionage data dde defense deliver depth dynamic edge engine exchange explorer feature fin7 fixes from: groups has includes intelligence internet isn issues keyboy leveraging light made method micro microsoft misusing mitigations month net new november office operating out over patch pawn payloads post protocol providing recent released reports resurgence rolled security storm such system trend trendlabs tuesday update updates vulnerabilities windows |
| Tags | |
| Stories | APT 28 APT 23 |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.