Security advisories

DeepLink – Macro-less Phishing

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

eSentire Threat Intelligence is aware of a recently discovered code execution technique affecting hosts running the Windows 10 operating system [1]. The Threat Intelligence team assesses with medium confidence that this technique does not pose an immediate threat to customers. Public samples examined by the eSentire Threat Intelligence team showed that antivirus solutions such as Windows Defender have released signatures to detect and block the DeepLink technique. At this time, eSentire has not observed threats employing this technique against eSentire customers. Should this change, eSentire Threat Intelligence will reassess the severity of this threat.

What we’re doing about it

What you should do about it

Additional Information

Figure 1: A Setting Content File embedded inside a PDF

[image src="/assets/9e9fc3af4a/deeplink-macro-less-phishing-setting-content-file-embedded-inside-a-pdf.png" id="2022" width="607" height="210" class="leftAlone ss-htmleditorfield-file image" title="deeplink macro less phishing setting content file embedded inside a pdf" alt="deeplink macro less phishing setting content file embedded inside a pdf screen shot of code"]


References:

[1] The Tale of Setting Content-MS Files
https://enigma0x3.net/2018/06/11/the-tale-of-settingcontent-ms-files/

[2] US-CERT website archive Least Privilege
https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege

View Most Recent Advisories