Security Issue

  • Thread starter Thread starter jerry
  • Start date Start date
J

jerry

I just received an email with an .exe attachment from MS
Corporation Public Assistance [qecpeqzkpts-
omww@confidence_msdn.net] that claims to be the "September
2003, Cumulative Patch" update which fixes all known
security vulnerabilities affecting MS Internet Explorer,
MS Outlook and MS Outlook Express. Install now to help
maintain the security of your computer from these
vulnerabilities, the most serious of which could allow an
attacker to run executable on your computer. This update
includes the functionality of all previously released
patches.

How do I know this is truly from MS????
 
Just got another email from MS Security Center about their latest patch.
About a minute later I get another "Message undeliverable".

Got another email while writing this post. Before I can send it I get
another couple of Message undeliverable messages.

DDS
 
I would delete it immediately. Don't run the EXE. As
far as I know MS does not mail out any executables unless
you have an open and active support case. If you did
then you would receive the email from
(e-mail address removed) and it would have
their little tagline about "Superior customer service is
our commitment...yada yada yada"

If you want to patch your machine then go to
http://windowsupdate.microsoft.com and then to
http://officeupdate.microsoft.com

Get your patches there and you know they're safe!

Tom
 
Hi,
I received several mails like this today as well. The
mails look VERY real. Its IMPORTANT that you all realize
that Microsoft does NOT will email unsolicited security
patches. Any mail you receive that contains a file
saying that it is a patch, or an emai that says "click
here" to receive the patch, etc. did not come from
Microsoft.

Rather, it appears you received the email resulting from
another computer (not yours) being invected by a mass
emailing worm. The two most widely-known are:

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
(e-mail address removed)

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
(e-mail address removed)

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. For
easy access, just start WindowsUpdate on your computer
and it will hook to the official Microsoft site to
provide you with access to patches and updates from
Microsoft.

Kathy Prince
Program Manager
Microsoft Support Lifecycle & Security

This posting is provided "AS IS" with no warranties, and
confers no rights.
 
Back
Top