Prerequisites
Advanced knowledge about the download and update installation processes.
Advanced knowledge about the deployed system and its various software subcomponents and processes.
Skills Required
Able to develop malicious code that can be used on the victim's system while maintaining normal functionality.
Mitigations
Only accept software updates from an official source.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-494 |
Download of Code Without Integrity Check The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
References
REF-710
Fake Microsoft update used in malicious email attack campaign
Sean Endicott.
https://www.msn.com/en-us/news/technology/fake-microsoft-update-used-in-malicious-email-attack-campaign/ar-AALTcVs
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2015-11-09 +00:00 |
Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Description |
CAPEC Content Team |
The MITRE Corporation |
2022-02-22 +00:00 |
Updated Example_Instances, Mitigations, References |