Re: Has anybody heard of 'MS04-025'?

From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 07/27/04


Date: Tue, 27 Jul 2004 14:32:35 -0700

In article <73907F2E-1366-49F7-93DD-B7C9B9860A09@microsoft.com>, =?Utf-8?B?
Q2hyaXM=?= says...

> I recieved an e-mail from what appeared to be a valid Microsoft address,
> "dodtam@microsoft.com" notifying me about an up coming critical security
> patch. The message was titled "Microsoft Security Response Center
> Bulletin Release MS04-025" and looked very official. The mail stated that
> Microsoft would be releasing a critical update on Monday 26 July, however
> there is no information that I can find here at Microsoft regarding this,
> and any search performed on the internet yields Norwegain or Asian sites,
> and no real information. I suspect this is a ruse and false information,
> and as a Security Technician for the Fed I need to investigate and confirm
> its validity.

> If anybody has seen this or can confirm whether its real or not, I would
> greatly appreciate it!

First question, does it end with a PGP signature? I receive MSFT bulletins,
and they come with a PGP signature. They publish their public key on the
MSFT site, somewhere, so you could validate it it that way. I find it hard
to imagine that some malicious cretin would have access to their private key
in order to phony up such a bulletin.

My last bulletin, received on July 13, was titled "Microsoft Security
Bulletin Summary for July 2004", and included both "Critical Security
Bulletins", and "Important Security Bulletins", numbered MS04-19 through
MS04-24. MS04-25 is the next logical bulletin in the sequence; but, go back
and check that PGP signature. If there is no PGP signature, it is bogus; if
there is such a signature, get the key from the MSFT site and check it.

Oh, and my last security bulletin came from an MSFT IP address. In fact,
every MSFT Security Bulletin in my collection, back to August 20, 2003
anyway, is from an MSFT IP address.

You should bookmark this url for reference in determination of the
authenticity of an MSFT security bulletin:

http://www.microsoft.com/security/incident/authenticate_mail.mspx

Oh, did I mention the PGP signature at the end of the message? MSFT
publishes their bulletins with a PGP. They use a private key, which should
only be known to them. You can get their public key by following the link on
the above url; look in the section titled, "The message is digitally
signed."

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint