Re: Bogus Microsoft Security Announcement

From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/07/02


Date: Thu, 7 Mar 2002 08:24:49 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Scott Cothrell <scothrell@austin.rr.com>

That would probably be W32/Gibe. Here are some handy links:
http://www.europe.f-secure.com/v-descs/gibe.shtml
http://vil.nai.com/vil/content/v_99377.htm
http://www.symantec.com/avcenter/venc/data/w32.gibe@mm.html
http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_GIBE.A
http://www3.ca.com/virus/virus.asp?ID=11468

Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com

On Wed, 6 Mar 2002, Scott Cothrell wrote:

> Just an FYI for the group...
>
> I received an obviously bogus security update in the email today.
> It is titled "Internet Security Update" and the return name reads as
> "Microsoft Corporation Security Center" with a (bogus) address of
> rdquest12@microsoft.com
> It has an attachment labeled q216309.exe which set off McAfee VirusScan on my
> system.
>
> SC
>
>
> The text of the message follows:
>
>
>
> Microsoft Customer,
>
> this is the latest version of security update, the
> "2 Mar 2002 Cumulative Patch" update which eliminates all
> known security vulnerabilities affecting Internet Explorer and
> MS Outlook/Express as well as six new vulnerabilities, and is
> discussed in Microsoft Security Bulletin MS02-005. Install now to
> protect your computer from these vulnerabilities, the most serious of which
> could allow an attacker to run code on your computer.
>
>
> Description of several well-know vulnerabilities:
>
> - "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment"
> vulnerability.
> If a malicious user sends an affected HTML e-mail or hosts an affected
> e-mail on a Web site, and a user opens the e-mail or visits the Web site,
> Internet Explorer automatically runs the executable on the user's computer.
>
> - A vulnerability that could allow an unauthorized user to learn the location
> of cached content on your computer. This could enable the unauthorized
> user to launch compiled HTML Help (.chm) files that contain shortcuts to
> executables, thereby enabling the unauthorized user to run the executables
> on your computer.
>
> - A new variant of the "Frame Domain Verification" vulnerability could enable a
> malicious Web site operator to open two browser windows, one in the Web site's
> domain and the other on your local file system, and to pass information from
> your computer to the Web site.
>
> - CLSID extension vulnerability. Attachments which end with a CLSID file extension
> do not show the actual full extension of the file when saved and viewed with
> Windows Explorer. This allows dangerous file types to look as though they are simple,
> harmless files - such as JPG or WAV files - that do not need to be blocked.
>
>
> System requirements:
> Versions of Windows no earlier than Windows 95.
>
> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01
>
> How to install
> Run attached file q216309.exe
>
> How to use
> You don't need to do anything after installing this item.
>
>
> For more information about these issues, read Microsoft Security Bulletin
> MS02-005, or visit link below.
> http://www.microsoft.com/windows/ie/downloads/critical/default.asp
> If you have some questions about this article contact us at
> rdquest12@microsoft.com
>
> Thank you for using Microsoft products.
>
> With friendly greetings,
> MS Internet Security Center.
> ----------------------------------------
> ----------------------------------------
> Microsoft is registered trademark of Microsoft Corporation.
> Windows and Outlook are trademarks of Microsoft Corporation.
>
>
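
Added example, not part of the original thread or of any product's code: a mail-triage check for the pattern reported above, a vendor-branded sender combined with an executable attachment, which also covers the hidden CLSID suffix the quoted text describes. The phrase list, extension list and function names are assumptions made for illustration, and the sample message is constructed from the headers and file name quoted in the post.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".chm"}
# Trailing {CLSID} "extension", which the quoted lure text says Explorer hides.
CLSID_SUFFIX = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Hypothetical phrases for "claims to be a vendor security mailing".
VENDOR_WORDS = ("microsoft", "security center", "security update")


def risky_attachment(name, head):
    """Classify one attachment by file name and leading bytes; None if benign."""
    name = name.strip().lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if CLSID_SUFFIX.search(name):
        return "clsid-suffix"
    if ext in EXECUTABLE_EXT or head[:2] == b"MZ":  # MZ = DOS/PE header magic
        return "executable"
    return None


def triage(msg):
    """Return the reasons a parsed message looks like a fake vendor patch mail."""
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        kind = risky_attachment(name, part.get_payload(decode=True) or b"")
        if kind:
            reasons.append(f"{kind}:{name}")
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    if reasons and any(word in claimed for word in VENDOR_WORDS):
        reasons.insert(0, "vendor-branded sender with risky attachment")
    return reasons


def build_sample():
    """Constructed message using the headers and file name reported in the post."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Corporation Security Center <rdquest12@microsoft.com>"
    msg["Subject"] = "Internet Security Update"
    msg.set_content("Microsoft Customer, ...")  # body elided
    # Harmless constructed bytes: only the 2-byte MZ magic, not a real program.
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="q216309.exe")
    return msg


if __name__ == "__main__":
    print(triage(build_sample()))
```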


