Is this MS05-039 a valid email????

Yves Leclerc

I just received an email which I do not believe that this "patch" is valid.
The links do not "seem" to point to any of Microsoft's true web sites (note: I
removed the url links in case that these are not true Microsoft's urls:)


--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------------------------------------
Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation
of Privilege (899588)
Summary:
Who should receive this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:

Affected Software:
o Microsoft Windows 2000 Service Pack 4 -
o Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 -
o Microsoft Windows XP Professional x64 Edition -
o Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack
1 -

o Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems -
o Microsoft Windows Server 2003 x64 Edition -
Non-Affected Software:
o Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
Executive Summary:
This update resolves a newly-discovered, privately-reported vulnerability. A
remote code execution vulnerability exists in Plug and Play (PnP) that could
allow an attacker who successfully exploited this vulnerability to take
complete control of the affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights.
Conclusion: We recommend that customers apply the update immediately.

© 2005 Microsoft Corporation. All rights reserved. Terms of Use
<http://www.microsoft.com/info/cpyright.mspx> | Trademarks
<http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx> | Privacy
Statement <http://www.microsoft.com/info/privacy.mspx>
 
Leythos

| I just received an email which I do not believe that this "patch" is valid.
| The links do not "seem" to point to any of Microsoft's true web sites (note: I
| removed the url links in case that these are not true Microsoft's urls:)

MS does NOT and NEVER has sent patches via email.
 
David H. Lipman

From: "Yves Leclerc" <[email protected]>

| I just received an email which I do not believe that this "patch" is valid.
| The links do not "seem" to point to any of Microsoft's true web sites (note: I
| removed the url links in case that these are not true Microsoft's urls:)
|
| --------------------------------------------------------------------------------
| --------------------------------------------------------------------------------
| ---------------------------------------------------------------
| Microsoft Security Bulletin MS05-039
| Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation
| of Privilege (899588)
| Summary:
| Who should receive this document: Customers who use Microsoft Windows

< snip >

There are several Internet worms that masquerade as patches from Microsoft. The most common
are Swen, Dumaru, Gibe and Torvil. However, this may be a new one.


Please submit a sample of the email attachment to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.
 
Yves Leclerc

In further checking out the links, they point to a "car" web site and I
discovered that this patch came out in "August 2005" and is already installed on
my XP Pro. This looks like a spyware/phishing email. BEWARE!!!!!
 
ANONYMOUS

The only way not to fall prey to scams is to stop clicking on any links
in any emails unless you know for sure who has sent it to you. One should
always use the Windows Update button to get all updates.

Scammers can send you whatever they want but don't fall for them.
<PERIOD>
 
Yves Leclerc

I am aware of this! I was just posting this email here in order to see if
someone encountered it and to "get the word out" that there is a new scam out
there!
 
David H. Lipman

From: "Yves Leclerc" <[email protected]>

| I just received an email which I do not believe that this "patch" is valid.
| The links do not "seem" to point to any of Microsoft's true web sites (note: I
| removed the url links in case that these are not true Microsoft's urls:)

< snip >

You didn't answer my questions. Why, I don't know.

However I know what this is. It is the W32/Luhn Trojan Microsoft Patch masquerade

The attachment comes in as...
Windows-KB899588-x86-ENU.exe


AntiVir        6.33.0.61       12.09.2005  TR/Luhn
Avira          6.33.0.61       12.09.2005  TR/Luhn
BitDefender    7.2             12.09.2005  Trojan.Spy.Luhn.A
CAT-QuickHeal  8.00            12.09.2005  TrojanSpy.Luhn.a
ClamAV         devel-20051108  12.08.2005  Trojan.Spy.W32.Luhn
DrWeb          4.33            12.09.2005  Trojan.Sklog
eTrust-Iris    7.1.194.0       12.09.2005  Win32/Luhn!Spy!Dropper
eTrust-Vet     11.9.1.0        12.09.2005  Win32.Luhn.A
Fortinet       2.54.0.0        12.09.2005  Spy/Luhn
F-Prot         3.16c           12.09.2005  security risk or a "backdoor" program
Kaspersky      4.0.2.24        12.09.2005  Trojan-Spy.Win32.Luhn.a
Sophos         4.00.0          12.09.2005  Troj/Dropper-BV
Symantec       8.0             12.09.2005  Trojan.Dropper
Trend Micro    993             12.09.2005  TROJ_DROPPER.VK
VBA32          3.10.5          12.09.2005  Trojan-Spy.Win32.Luhn.a
 
NotMe

MS never sends attachments to its security notifications.
It may have a link to an MS website, but they NEVER include the patch in the
email!!!!!
If in doubt, DON'T install it!!
 
David H. Lipman

From: "NotMe" <[email protected]>

| MS never sends attachments to its security notifications.
| It may have a link to an MS website, but they NEVER include the patch in the
| email!!!!!
| If in doubt, DON'T install it!!
|

/* That's called preaching to the choir ! */ :)

Microsoft doesn't email security notifications. Microsoft does send patches via email but
*only* if you contact them for something that is not available via public download and in
that case you would be expecting the patch.

There are several infectors that masquerade as MS patches that arrive in email. The most
common are Swen, Dumaru, Gibe and Torvil. The Luhn is a new one and is a Trojan rather than like
the peers I listed which are Internet worms.
 
Plato

NotMe said:
MS never sends attachments to its security notifications.
It may have a link to an MS website, but they NEVER include the patch in the
email!!!!!
If in doubt, DON'T install it!!

If in doubt. Delete it.
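
The two tells this thread arrives at (links whose real host is not a Microsoft site, and an executable attached to a "bulletin"), written as a mail-triage check. This is an added example, not part of any post above: the `TRUSTED` allow-list, the `.example` host and the sample message are assumptions constructed for illustration. A link whose visible text names microsoft.com while its href goes elsewhere is reported as `link-text-mismatch`.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com", "windowsupdate.com")  # assumption: allow-list for this sketch
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host_trusted(url):
    # Match the parsed hostname by suffix; a substring test would accept look-alikes.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(("executable-attachment", name))
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, text in parser.found:
                if not host_trusted(href):
                    kind = "link-text-mismatch" if "microsoft.com" in text.lower() else "untrusted-link"
                    findings.append((kind, href))
    return findings

def sample_message():
    # Constructed sample: the .example host and HTML body are invented for illustration.
    m = EmailMessage()
    m.set_content('<a href="http://www.microsoft.com.cars.example/kb">http://www.microsoft.com/security</a>'
                  '<a href="http://www.microsoft.com/info/privacy.mspx">Privacy Statement</a>', subtype="html")
    m.add_attachment(b"MZ", "application", "octet-stream", filename="Windows-KB899588-x86-ENU.exe")
    return m.as_string()
```

Calling `triage(sample_message())` reports the look-alike link and the attachment, and stays silent on the genuine microsoft.com privacy link.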
 
