Does M$ even send out security patches
I just received an email from "Microsoft" saying to use the attached .exe file to patch IE, Outlook, and Outlook Express. Is it really from them or some joker who is sending out dubious patches for people to run on their Windows PC? Anybody else get an email like this? To my knowledge (or better judgement), M$ wouldn't be sending out patches out to people, right?
The "from" box of the email has this:
"MS Public Support" <>[email protected]<>
Whaddoyall think?
The "from" box of the email has this:
"MS Public Support" <>[email protected]<>
Whaddoyall think?
Comments
Originally posted by Randycat99
I just received an email from "Microsoft" saying to use the attached .exe file to patch IE, Outlook, and Outlook Express. Is it really from them or some joker who is sending out dubious patches for people to run on their Windows PC? Anybody else get an email like this? To my knowledge (or better judgement), M$ wouldn't be sending out patches out to people, right?
The "from" box of the email has this:
"MS Public Support" <[email protected]>
Whaddoyall think?
haha i wouldn't run it...anythign they have can be downloaded from their site
that is a clever trick though peopel are stupid
This is the body of the email:
Microsoft Customer
this is the latest version of security update, the
"March 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow
an attacker to run executable on your system. This update includes
the functionality of all previously released patches.
System requirements Win 9x/Me/2000/NT/XP This update applies to Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Click Yes on displayed dialog box. How to use You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles
can be found on the <http://support.microsoft.com/>Microsoft Technical Support web site.
For security-related information about Microsoft products, please
visit the <http://www.microsoft.com/security> Microsoft Security Advisor web site, or <http://www.microsoft.com/isapi/goreg.../contactus.asp>Contact us.
Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
With friendly greetings,
MS Public Support
Microsoft Customer
this is the latest version of security update, the
"March 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
you think they would start out with 'this' and not 'This'?
Details: C|Net: Windows flaws opens computers to attack
Patch:
Patch for vulnerability
all known != five newly discovered
they were either in the "all" set or "all known" is meaningless
no legitimate security bulletin with executable patches would come from an "unmonitored email"
further proof can be found in the unbelievably syrupy salutatory tone. "with friendly greetings". microsoft support would sneer or expect you to continually patch it yourself rather than kindly send you - gratis - a magic bullet to six platforms and 3 generations of defective code
forward (with the full email header) to ms security and ask them.
Originally posted by curiousuburb
further proof can be found in the unbelievably syrupy salutatory tone. "with friendly greetings". microsoft support would sneer or expect you to continually patch it yourself rather than kindly send you - gratis - a magic bullet to six platforms and 3 generations of defective code
Yes, that part was pretty much the straw on the camel's back for me.
What is the MS security email address, btw?
Originally posted by Randycat99
OK, thanks! I forwarded off the email with the extended headers and all. This is one case where it would be a joy to see M$ unleash the rape ape on someone.
LOL! That would be one good thing that Microsoft could do with thanks to their money! I still get pissed when I get that sort of thing emailed to me! Drives me insane
Second, that doesn't fit the layout of standard M$ security bulletins. Plus, it had grammar mistakes!
Next, ms.com resolves to Morgan Stanley, definately not M$. Besides, people can always forge e-mail adresses. That leads me to my next point:
All MSBs are PGP signed so that you know it came from M$.
Originally posted by Randycat99
It does appear that a big new zombie attack is underway. This is the 3rd time this week I received a message from different people (I don't know) telling me to run some attached exe file to patch my M$ software. The latest 2 cited nearly page long lists of email addresses that I presume also received this message along with me. Each time the message and attachment name are changed. The consistent theme is that the attachment is a security patch for M$ software.
This could be really bad (for those poor windows shleps, not us). I'm sure at least some of these people will run the 'patch' and the have some sort of a virus installed somewhere deep down in their MBR or something. I'm glad I'm a mac user.
Nobody else here is getting these messages?
Originally posted by torifile
I'm glad I'm a mac user.
Ditto.
W32.Gibe.B@mm
?
Is that the name of a virus?