Email from Microsoft ?

From: Steve Dixon (stevedixonuk@hotmail.com)
Date: 05/22/02


From: "Steve Dixon" <stevedixonuk@hotmail.com>
Date: Wed, 22 May 2002 02:39:38 -0700


(I have also sent a copy to abuse@msn.com, as the return
email address in the original message
<rdquest12@microsoft.com> does not exist.)
------------------------------------------

My virus scanner (Norton) detected your attached files as
having a virus,
with the following message ...

-------------
This file: "q216309.zl9" was infected with: "W32.Gibe.dam"
virus.

The file was deleted by Norton AntiVirus. Wednesday, May
22, 2002 08:29
------------------

(q216309.zl9 was renamed from q216309.EXE by Norton Anti-
Virus as part of
its protection )

I have visited the link on your web site and the file name
is different
(Q321232: Security Update)

I must admit I am a little confused now ? Is this a
genuine update from
Microsoft or a very clever hacker ?

Steve.

----- Original Message -----
From: "Microsoft Corporation Security Center"
<rdquest12@microsoft.com>
To: "Microsoft Customer" <'customer@yourdomain.com'>
Sent: Tuesday, May 21, 2002 7:09 PM
Subject: Internet Security Update

Microsoft Customer,

     this is the latest version of security update, the

known security vulnerabilities affecting Internet Explorer
and
MS Outlook/Express as well as six new vulnerabilities, and
is
discussed in Microsoft Security Bulletin MS02-005. Install
now to
protect your computer from these vulnerabilities, the most
serious of which
could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment"
vulnerability.
If a malicious user sends an affected HTML e-mail or hosts
an affected
e-mail on a Web site, and a user opens the e-mail or
visits the Web site,
Internet Explorer automatically runs the executable on the
user's computer.

- A vulnerability that could allow an unauthorized user to
learn the
location
of cached content on your computer. This could enable the
unauthorized
user to launch compiled HTML Help (.chm) files that
contain shortcuts to
executables, thereby enabling the unauthorized user to run
the executables
on your computer.

- A new variant of the "Frame Domain Verification"
vulnerability could
enable a
malicious Web site operator to open two browser windows,
one in the Web
site's
domain and the other on your local file system, and to
pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end
with a CLSID file
extension
do not show the actual full extension of the file when
saved and viewed with
Windows Explorer. This allows dangerous file types to look
as though they
are simple,
harmless files - such as JPG or WAV files - that do not
need to be blocked.

System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.

For more information about these issues, read Microsoft
Security Bulletin
MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/defa
ult.asp
If you have some questions about this article contact us at
rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft
Corporation.



Relevant Pages

  • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft Management Console Allows Code Execution (MS06-044)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... There is a remote code execution vulnerability in Windows Management ... Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • [NT] Vulnerabilities in Microsoft Office Allows Code Execution (MS07-015)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerabilities in Microsoft Office Allows Code Execution ... A remote code execution vulnerability exists in PowerPoint and could be ... If a user were logged on with administrative user rights, an attacker who ...
    (Securiteam)
  • [NT] Vulnerability in Graphics Rendering Engine Allows Remote Code Execution
    ... Vulnerability in Graphics Rendering Engine Allows Remote Code Execution ... stored in WMF files is described as Microsoft Windows Graphics Device ... Metafile image on a malicious Web site. ...
    (Securiteam)
  • [NT] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Code Execution (MS07-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Microsoft Office 2003 Brazilian Portuguese Grammar Checker Code Execution ... A remote code execution vulnerability exists in Office 2003 Brazilian ... If a user were logged on with administrative user rights, an attacker who ...
    (Securiteam)