RE: [Full-Disclosure] Anyone? Important Security Update for the .NET Messenger Service

From: Serge van Ginderachter (svgn) (svgn_at_orbid.be)
Date: 08/19/03

  • Next message: Drew Copley: "RE: [Full-Disclosure] SCADA makes you a target for terrorists take 2" 
    To: "'koen4security@hotmail.com'" <koen4security@hotmail.com>, full-disclosure@lists.netsys.com
Date: Tue, 19 Aug 2003 20:23:25 +0200

    I received that mail about 10 times today. A co-worker of me, also in
    Belgium, received it several time also.
    I looked art the smtp headers. The relaying server didn't seem registered or
    related to Microsoft.

    Anyway, I'm pretty sure it's some kind of spam or whatever. But it seemed so
    valid, it makes you wonder about it...

    -----Original Message-----
    From: Koen Van Impe [mailto:koen4security@hotmail.com]
    Sent: dinsdag 19 augustus 2003 20:02
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Anyone? Important Security Update for the
    .NET Messenger Service

    Hi List,

    Has anyone seen this recent so called 'update' for MSN Messenger? This
    (full-email follows below) was in my mailbox today but as far as I know
    there is no critical update needed for MSN Messenger. Any clues as where
    to look for?

    I'm under the impression that this is more like a 'install this so that
    we can tell what you're doing' security update than in fact a real
    security update.

    Off course, as always, e-mail headers from Microsoft-mail to Hotmail are
    very little informative. This was in the headers :

    <header>
    From: ".NET Messenger Service Staff" <dot_net_msgr_svc@msgr.hotmail.com>
    Subject: Important Security Update for the .NET Messenger Service
    Date: Mon 18, Aug 2003
    Mime-Version: 1.0
    Content-Type: text/html; Charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    </header>

    <mail>
    ATTENTION: IMMEDIATE ACTION REQUIRED FOR MSN AND WINDOWS MESSENGER
    USERS.

    You are receiving this e-mail because you are a MSN Messenger or Windows
    Messenger Service user.

    As part of Microsoft's Trustworthy Computing initiative, Microsoft is
    updating the .NET Messenger Service and providing you with an important
    MSN Messenger or Windows Messenger security update.

    If you are using MSN Messenger 5.0, Windows Messenger 4.7.2000, or MSN
    Messenger for Mac 3.5, or any versions higher than these, you do NOT need
    this security update. To find out which version you have, select the
    'Help' menu in Messenger, then select 'About'. If you are using an older
    version, or are not sure, please visit:
    http://messenger.msn.com/Help/Upgrades.aspx
    for an update.

    NOTICE: If you are not using an updated version, you will be unable to
    continue using your MSN Messenger or Windows Messenger Service.

    Thank you for helping Microsoft further its commitment to helping you
    protect your privacy and security online.

    You can view the .NET Messenger Statement of Privacy at:
    http://messenger.msn.com/Help/Privacy.aspx
    and the .NET Messenger Service Terms of Use and Notices at:
    http://messenger.msn.com/Help/Terms.aspx.
    </mail>

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Drew Copley: "RE: [Full-Disclosure] SCADA makes you a target for terrorists take 2"

    Relevant Pages