Does M$ even send out security patches

Posted:
in General Discussion edited January 2014
I just received an email from "Microsoft" saying to use the attached .exe file to patch IE, Outlook, and Outlook Express. Is it really from them or some joker who is sending out dubious patches for people to run on their Windows PC? Anybody else get an email like this? To my knowledge (or better judgement), M$ wouldn't be sending out patches out to people, right?



The "from" box of the email has this:



"MS Public Support" <>[email protected]<>



Whaddoyall think?
«1

Comments

  • Reply 1 of 23
    ast3r3xast3r3x Posts: 5,012member
    Quote:

    Originally posted by Randycat99

    I just received an email from "Microsoft" saying to use the attached .exe file to patch IE, Outlook, and Outlook Express. Is it really from them or some joker who is sending out dubious patches for people to run on their Windows PC? Anybody else get an email like this? To my knowledge (or better judgement), M$ wouldn't be sending out patches out to people, right?



    The "from" box of the email has this:



    "MS Public Support" <[email protected]>



    Whaddoyall think?




    haha i wouldn't run it...anythign they have can be downloaded from their site



    that is a clever trick though peopel are stupid
  • Reply 2 of 23
    randycat99randycat99 Posts: 1,919member
    I figured something fishy was going on!



    This is the body of the email:



    Quote:

    Microsoft Customer



    this is the latest version of security update, the

    "March 2003, Cumulative Patch" update which eliminates

    all known security vulnerabilities affecting Internet Explorer,

    Outlook and Outlook Express as well as five newly

    discovered vulnerabilities. Install now to protect your computer

    from these vulnerabilities, the most serious of which could allow

    an attacker to run executable on your system. This update includes

    the functionality of all previously released patches.



    System requirements Win 9x/Me/2000/NT/XP This update applies to Microsoft Internet Explorer, version 4.01 and later

    Microsoft Outlook, version 8.00 and later

    Microsoft Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Click Yes on displayed dialog box. How to use You don't need to do anything after installing this item.



    Microsoft Product Support Services and Knowledge Base articles

    can be found on the <http://support.microsoft.com/>Microsoft Technical Support web site.

    For security-related information about Microsoft products, please

    visit the <http://www.microsoft.com/security> Microsoft Security Advisor web site, or <http://www.microsoft.com/isapi/goreg.../contactus.asp>Contact us.



    Please do not reply to this message. It was sent from an unmonitored

    e-mail address and we are unable to respond to any replies.



    Thank you for using Microsoft products.



    With friendly greetings,

    MS Public Support



  • Reply 3 of 23
    ast3r3xast3r3x Posts: 5,012member
    Quote:

    Microsoft Customer



    this is the latest version of security update, the

    "March 2003, Cumulative Patch" update which eliminates

    all known security vulnerabilities affecting Internet Explorer,

    Outlook and Outlook Express as well as five newly



    you think they would start out with 'this' and not 'This'?
  • Reply 4 of 23
    mcqmcq Posts: 1,543member
    As a sidenote, there was a Microsoft patch released today to fix a "critical" vulnerability in one of their scripting components.



    Details: C|Net: Windows flaws opens computers to attack



    Patch:

    Patch for vulnerability
  • Reply 5 of 23
    curiousuburbcuriousuburb Posts: 3,325member
    first it claims to eliminate "all known vulnerabilities" and then adds that it also fixes "five newly discovered vulnerabilities".



    all known != five newly discovered

    they were either in the "all" set or "all known" is meaningless



    no legitimate security bulletin with executable patches would come from an "unmonitored email"



    further proof can be found in the unbelievably syrupy salutatory tone. "with friendly greetings". microsoft support would sneer or expect you to continually patch it yourself rather than kindly send you - gratis - a magic bullet to six platforms and 3 generations of defective code



    forward (with the full email header) to ms security and ask them.
  • Reply 6 of 23
    randycat99randycat99 Posts: 1,919member
    Quote:

    Originally posted by curiousuburb

    further proof can be found in the unbelievably syrupy salutatory tone. "with friendly greetings". microsoft support would sneer or expect you to continually patch it yourself rather than kindly send you - gratis - a magic bullet to six platforms and 3 generations of defective code



    Yes, that part was pretty much the straw on the camel's back for me.



    What is the MS security email address, btw?
  • Reply 7 of 23
    mcqmcq Posts: 1,543member
  • Reply 8 of 23
    randycat99randycat99 Posts: 1,919member
    OK, thanks! I forwarded off the email with the extended headers and all. This is one case where it would be a joy to see M$ unleash the rape ape on someone.
  • Reply 9 of 23
    trevormtrevorm Posts: 841member
    Quote:

    Originally posted by Randycat99

    OK, thanks! I forwarded off the email with the extended headers and all. This is one case where it would be a joy to see M$ unleash the rape ape on someone.



    LOL! That would be one good thing that Microsoft could do with thanks to their money! I still get pissed when I get that sort of thing emailed to me! Drives me insane
  • Reply 10 of 23
    adpowersadpowers Posts: 188member
    Microsoft doesn't send out files with their security bulletins because it would use way to much bandwidth. Also, the people recieving the e-mails wouldn't want to clog up there mail boxes with large attached files and a lot of people have limited space in their mailboxes.



    Second, that doesn't fit the layout of standard M$ security bulletins. Plus, it had grammar mistakes!



    Next, ms.com resolves to Morgan Stanley, definately not M$. Besides, people can always forge e-mail adresses. That leads me to my next point:



    All MSBs are PGP signed so that you know it came from M$.
  • Reply 11 of 23
    stunnedstunned Posts: 1,096member
    Who cares?
  • Reply 12 of 23
    ast3r3xast3r3x Posts: 5,012member
    MS will run it when they get it and servers will be down for a day
  • Reply 13 of 23
    randycat99randycat99 Posts: 1,919member
    It does appear that a big new zombie attack is underway. This is the 3rd time this week I received a message from different people (I don't know) telling me to run some attached exe file to patch my M$ software. The latest 2 cited nearly page long lists of email addresses that I presume also received this message along with me. Each time the message and attachment name are changed. The consistent theme is that the attachment is a security patch for M$ software.
  • Reply 14 of 23
    torifiletorifile Posts: 4,024member
    Quote:

    Originally posted by Randycat99

    It does appear that a big new zombie attack is underway. This is the 3rd time this week I received a message from different people (I don't know) telling me to run some attached exe file to patch my M$ software. The latest 2 cited nearly page long lists of email addresses that I presume also received this message along with me. Each time the message and attachment name are changed. The consistent theme is that the attachment is a security patch for M$ software.



    This could be really bad (for those poor windows shleps, not us). I'm sure at least some of these people will run the 'patch' and the have some sort of a virus installed somewhere deep down in their MBR or something. I'm glad I'm a mac user.
  • Reply 15 of 23
    randycat99randycat99 Posts: 1,919member
    Got another one today. Each time, it is containing a lengthy list of CC addresses.



    Nobody else here is getting these messages?
  • Reply 16 of 23
    mcqmcq Posts: 1,543member
    Nope.. you're just the target of it all
  • Reply 17 of 23
    curiousuburbcuriousuburb Posts: 3,325member
    time to forward the full headered spam back up the isp chain... maybe they ran the virus or can block the spammer
  • Reply 18 of 23
    cubedudecubedude Posts: 1,556member
    Quote:

    Originally posted by torifile

    I'm glad I'm a mac user.



    Ditto.
  • Reply 19 of 23
    the same thing happened to me once when my sister's "army issue" gateway got infected with the klez virus(unknown to me or her) and decided to spoof my email address and send out to any address it could find or make up. the way it affected me is i would get hundreds of failed delivery attempts in my email box every day. it was driving me insane, i kept checking the headers, but i couldnt find a patter, until i started seeing addresses that were tweaked versions of her email address and her fiance's address.
  • Reply 20 of 23
    randycat99randycat99 Posts: 1,919member
    Is there a significance to the term:



    [email protected]



    ?



    Is that the name of a virus?
Sign In or Register to comment.