Microsoft Messenger Service Bulletin

[Bill]

I rec'd the following message on my screen which I assume
is from Microsoft. It said:

Message from microsoft networks to windows user on
12/21/2003. Microsoft security bulletin MS03-043. Buffer
overruns in messenger service could allow code execution
(820035).
Affected software:
Msft windows NT workstation
MSFT windows NT server 4.0
" 2000
" " XP
" " Win 98
" " Server 2000
Non affected software:
MS windows millenium

Your system is affected, download the patch from the
address below! First type the URL below into your
internet brrowser then click "ok".

www.windowspatch

=============
I went to this URL and was asked to pay $19.95 for this
patch. Is this a legitimate message from Microsoft.
Should I have to pay to fix my Windows XP operating
system that came with my computer? What is the severity
of this problem. Should I get the patch? Any help on this
would be appreciated. My email address is muliej@
(removethis)sbcglobal.net. Thanks

 

[Jupiter Jones [MVP]]

Bill;
BOGUS, stay far, far away.

See this link:
http://www3.telus.net/dandemar/Security.htm

 

[Wesley Vogel]

Bill;
It's a bogus message, not from M$. It is FREE from M$. All you have to do is click Windows Update
on your Start Menu or in IE/Tools/Windows Update. This came out almost two months ago.
Or you can pay $19.95 since you haven't gone to WU to get it.
Or Windows Update is here:
http://v4.windowsupdate.microsoft.com/en/default.asp
Check your WU History.

Microsoft Security Bulletin MS03-042
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Updated: October 29, 2003
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-042.asp

 

[Bruce Chambers]

Greetings --

No, it isn't a legitimate "Microsoft" warning, although the
potential threat is real, and you're obviously unprotected. It's
simply an unscrupulous advertiser trying to panic you into
unnecessarily buying their "service." Any and all patches you need
are available free of cost from Microsoft.

This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you may
well be open to other threats, such as the Blaster Worm that recently
swept cross the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does almost nothing to
truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH