March 2004 Security

  • Thread starter david kirkpatrick
  • Start date
D

david kirkpatrick

I've received a Microsoft message telling me that i
need one more security patch, i.e. March 2004, Cumulative
Patch, which should resolve any residual, recent XP
vulnerabilities. Unfortunately, in place of the attachment
i'm asked to install is this message: Outlook blocked
access to the following potential unsafe attachments:
Upgrade 737.exe.
Do i understand that one Microsoft program has
blocked a security patch designed for another Microsoft
program, Windows XP? What to do?
With appreciation,
David Kirkpatridck
 
A

anon

David, if you received the message allegedlly from MS
asking you to install the patch, then it is most likely a
virus. MS do not send out emails with attachments asking
for customers to up date.
Updating is done at their web site. Delete the message.
 
B

Bruce Chambers

Greetings --

What to do? Thank your lucky stars that Outlook Express's default
security settings are smarter than you are.

What you received is the output of a computer infected by one of
several widely publicized, wide-spread, mass emailing worms. The
virus' authors have deliberately spoofed the Microsoft information in
the hopes of garnering more victims. This sort of email has been very
common and widely publicized for at least the past 11 months. The most
widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Remember, any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. You should develop
the habit of checking this site at least once a month to keep your
computer up-to-date. (Notice that this is the true URL, rather than
the bogus one that may have been contained in the email you received.)
Any messages that point to any other source(s) or claim to have the
patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
D

David Qunt

"Bruce Chambers" <[email protected]> squirted these wordjisms
deep inside the bumtube of the newstwat in
Greetings --

What to do? Thank your lucky stars that Outlook Express's default
security settings are smarter than you are.
Click to expand...

Yeah, now that Outlook Express's default security settings finally are
smarter. Until very recently that simply wasn't the case.

Even with the settings a bit tighter, I still now prefer Opera for
browsing, Mozilla Thunderbird for email and XNews for newsgroups - and I
would recommend this combination over the *default* IE and OE any day for
security/trust reasons.
 
B

Bruce Chambers

Greetings --

"Until very recently....?" OE6's SP1 has been available for close
to two years now; that's quite a while, in computer time. ;-}


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
D

David Qunt

"Bruce Chambers" <[email protected]> squirted these wordjisms
deep inside the bumtube of the newstwat in @corp.supernews.com:
Greetings --

"Until very recently....?" OE6's SP1 has been available for close
to two years now; that's quite a while, in computer time. ;-}


Bruce Chambers
Click to expand...


In that case, you may change 'very recently' to 'relatively recently'.

But how long did OE exist, in its various versions, pre v6/XP SP1? Longer
than 'close to 2 years' anyway, which is more than 'quite a while, in
computer time' :D
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Patch Emails!!! 2
Patch124.exe 2
Security Support email from Microsoft 2
email problems 1
Problems after Security Partch 1
spoof email? 3
Mailings from "Microsoft" with viruses!!! 3
MS email "Security Update" ?? 3

Top