Re: Email from Microsoft (?)




verify the PGP signing


"Mick Jennings" <MickJennings@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D2E16DF-BBE9-4177-B68F-324BA702505E@xxxxxxxxxxxxxxxx
Hi all,

I've recently signed up to receive the MS newsletters and alerts so that I
can start to learn more about security issues in depth. Once I'm past my
SBS
exam I intend to take courses in the security side, but for now I'm no
expert
and relatively new to the "MS way" ...

I received an email this morning claiming to be from Microsoft with the
subject "Microsoft Security Bulletin Minor Revisions". It doesn't look
professional, beginning with text ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 16, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-027
* MS07-025
* MS07-023

Bulletin Information:
=====================

* MS07-027

- http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
- Reason for Revision: Bulletin revised due to an incorrect file
name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
killbit table; A new issue discovered with the security
update: 937409 The "File Download - Security Warning" dialog
box opens when you try to open Internet Explorer 7; Updated
file names for Internet Explorer 7
- Originally posted: May 8, 2007
- Updated: May 16, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

Anyway - I wondered 2 things ...

1. How do I check that it's actually from Microsoft and not a spoofed send
address (I have SBS2003 R2 SP2 installed but I haven't yet configured the
IMF
to check the Sender ID - how do I check that manually ?)

2. How do I check that the links in the email actually point to where they
say they point to (ok I have IE7 which SHOULD prevent phishing attacks
right?
but again I'm interested to know how to assure myself manually)

Thanks all. Sorry if these are dumb questions or posted in the wrong
place.


.