Hi,
On Friday 24th of October 2008 at 12.27 pm I received an email from Microsoft with the subject: Important Security Update from Microsoft.
The first paragraph and heading was the following:
"What is the purpose of this alert?
Microsoft has released a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The software update was made available for download from the Microsoft Update / Windows Update web site this morning."
I've examined this email and it is legitimate. However that doesn't mean other emails will be legitimate. Microsoft provides a link in the email to obtain further information. The full link address is not shown for the full bulletin, just a click here type link. The underlying link however is a valid Microsoft site.
The problem is phishing attempts that look like Microsoft official emails are sent. One of my clients was tricked and ended up infecting their computer and other computers on the network.
Personally I think Microsoft should display the full version of every link. Even if the full version of the link/address is shown, I would suggest keying the full version of the link/address into the browser and not clicking on a link. When you can see the domain is a www.microsoft.com, or www.microsoft.com.au domain and a page on their site, and the address is typed in, this gives assurance the information is information from Microsoft.
In this case the email I received was a bona fide. You may receive the same email, but just as equally take care, as you may receive a fake email with almost identical information, if one gets created.
Treat all emails, even from the companies you know, as a potential threat. Use the standard update approach used in Windows, which ensures you do not download potentially harmful malicious software.
- Kelvin Eldridge
This informaton is brought to courtesy of the JustLocal service.
I just received an email from a very large hosting company which loosely stated "there is a vulnerability within the Microsoft Windows operating system. To rectify this vulnerability we are required to load and install the Microsoft security patch across all Windows 2000 and Windows 2003 servers."
ReplyDeleteThis confirms to us the earlier Microsoft advice is considered important by the large players in the industry.
- Kelvin