Is this a hacker's trick?? **WARNING**

From: amcheeks (spidermouse8@yahoo.com)
Date: 09/16/02 

From: "amcheeks" <spidermouse8@yahoo.com>
Date: Sun, 15 Sep 2002 17:46:46 -0700

 
Hi,,,i got an e-mail yesterday and i am trying to find
out whether it was legit or not,,, i have norton security
and when i started downloading mail it came up with a
message saying i had a virus trying to be sent to me..I
had to have it quarantined and i didn't open attachment,
but i did see the senders name, the name was pluto and
they message said ,,,windows xp patch, enjoy,, i didnt'
open attachment, because i can't see microsoft sending a
patch that way,, is that possible

>-----Original Message-----
>Today I received this email with an attachment
q216309.exe
>supposedly from Microsoft.com {the actual email address
>was rdquest12@microsoft.com} This is the message:
>
>((Microsoft Customer,
>
> this is the latest version of security update, the
>"11 Sep 2002 Cumulative Patch" update which eliminates
all
>known security vulnerabilities affecting Internet
Explorer
>and
>MS Outlook/Express as well as six new vulnerabilities,
and
>is
>discussed in Microsoft Security Bulletin MS02-005.
Install
>now to
>protect your computer from these vulnerabilities, the
most
>serious of which
>could allow an attacker to run code on your computer.
>
>
>Description of several well-know vulnerabilities:
>
>- "Incorrect MIME Header Can Cause IE to Execute E-mail
>Attachment" vulnerability.
>If a malicious user sends an affected HTML e-mail or
hosts
>an affected
>e-mail on a Web site, and a user opens the e-mail or
>visits the Web site,
>Internet Explorer automatically runs the executable on
the
>user's computer.
>
>- A vulnerability that could allow an unauthorized user
to
>learn the location
>of cached content on your computer. This could enable
the
>unauthorized
>user to launch compiled HTML Help (.chm) files that
>contain shortcuts to
>executables, thereby enabling the unauthorized user to
run
>the executables
>on your computer.
>
>- A new variant of the "Frame Domain Verification"
>vulnerability could enable a
>malicious Web site operator to open two browser windows,
>one in the Web site's
>domain and the other on your local file system, and to
>pass information from
>your computer to the Web site.
>
>- CLSID extension vulnerability. Attachments which end
>with a CLSID file extension
>do not show the actual full extension of the file when
>saved and viewed with
>Windows Explorer. This allows dangerous file types to
look
>as though they are simple,
>harmless files - such as JPG or WAV files - that do not
>need to be blocked.
>
>
>System requirements:
>Versions of Windows no earlier than Windows 95.
>
>This update applies to:
>Versions of Internet Explorer no earlier than 4.01
>Versions of MS Outlook no earlier than 8.00
>Versions of MS Outlook Express no earlier than 4.01
>
>How to install
>Run attached file q216309.exe
>
>How to use
>You don't need to do anything after installing this
item.
>
>
>For more information about these issues, read Microsoft
>Security Bulletin MS02-005, or visit link below.
>http://www.microsoft.com/windows/ie/downloads/critical/de
fa
>ult.asp
>If you have some questions about this article contact us
>at rdquest12@microsoft.com
>
>Thank you for using Microsoft products.
>
>With friendly greetings,
>MS Internet Security Center.
>----------------------------------------
>----------------------------------------
>Microsoft is registered trademark of Microsoft
Corporation.
>Windows and Outlook are trademarks of Microsoft
>Corporation.))
>
>The only reasons I was worried is because one: I have
>Windows Update and I searched the attachment name
through
>Microsoft and there was none. Two: It went to an email
>address not registered with Microsoft. Is it real or
fake?
>
>.
>

Relevant Pages

  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter #120
    ... Strengthening Network Security: FREE Guide Network security is a ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows File Protection Signed File Replacement... ... PlatinumFTPServer Information Disclosure Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #242
    ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
    (Focus-Microsoft)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)