Odd update request

I received a suspicious email from Microsoft, and even my Live Hotmail didn't
like the attached download links, and it said in a roughly stated note, that
I had to download and install this: "December 2007, Cumulative Patch"

The email had this message:

"Microsoft Customer

this is the latest version of security update, the "December 2007,
Cumulative Patch" update which resolves all known security vulnerabilities
affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow an
malicious user to run code on your computer. This update includes the
functionality of all previously released patches."

There are 3 attachments, which the email security stated: "Windows Live
Hotmail has blocked some attachments in this mail because they appear unsafe."

Question: If this is a needed update, for security reasons, why doesn't
this run in the automatic mode like all the other updates and patches? Even
after going to the Windows update page, and running the search for needed
updates, this didn't show up, and is not found in the update history of the
XP system. Is this a real email or a hoax getting me to install malicious
codes?
--
Terry

Terry wrote:
> I received a suspicious email from Microsoft, and even my Live
> Hotmail didn't like the attached download links, and it said in a
> roughly stated note, that I had to download and install this:
> "December 2007, Cumulative Patch"
>
> The email had this message:
>
> "Microsoft Customer
>
> this is the latest version of security update, the "December 2007,
> Cumulative Patch" update which resolves all known security
> vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
> Outlook Express as well as three newly discovered vulnerabilities.
> Install now to protect your computer from these vulnerabilities,
> the most serious of which could allow an malicious user to run code
> on your computer. This update includes the functionality of all
> previously released patches."
>
> There are 3 attachments, which the email security stated: "Windows
> Live Hotmail has blocked some attachments in this mail because they
> appear unsafe."
>
> Question: If this is a needed update, for security reasons, why
> doesn't
> this run in the automatic mode like all the other updates and
> patches? Even after going to the Windows update page, and running
> the search for needed updates, this didn't show up, and is not
> found in the update history of the XP system. Is this a real email
> or a hoax getting me to install malicious codes?


Microsoft does not send you email unless you request it from them.
Check the email headers to see whom it is from. It may not be from
Microsoft at all.

If it is a regularly scheduled update, not something you specifically
requested from Microsoft - then you should be able to check it at
http://windowsupdate.microsoft.com/ by doing a custom scan for updates. If
you don't find it there and you don't remember contacting Microsoft special
for more information - go with your gut (which should tell you 'scam'.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Microsoft NEVER sends Email updates -
http://www.microsoft.com/technet/sec...atch_hoax.mspx

--
====================================
TaurArian [MVP] 2005-2008 - Australia
====================================
How to ask a question: http://support.microsoft.com/kb/555375
http://taurarian.mvps.org/index.htm
Emails will not be acknowledged - please post to the newsgroup so all may benefit.


"Terry" <Terry@discussions.microsoft.com> wrote in message
news:ECB37276-C699-4A86-82DC-73E5964186D5@microsoft.com...
|I received a suspicious email from Microsoft, and even my Live Hotmail didn't
| like the attached download links, and it said in a roughly stated note, that
| I had to download and install this: "December 2007, Cumulative Patch"
|
| The email had this message:
|
| "Microsoft Customer
|
| this is the latest version of security update, the "December 2007,
| Cumulative Patch" update which resolves all known security vulnerabilities
| affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
| three newly discovered vulnerabilities. Install now to protect your computer
| from these vulnerabilities, the most serious of which could allow an
| malicious user to run code on your computer. This update includes the
| functionality of all previously released patches."
|
| There are 3 attachments, which the email security stated: "Windows Live
| Hotmail has blocked some attachments in this mail because they appear unsafe."
|
| Question: If this is a needed update, for security reasons, why doesn't
| this run in the automatic mode like all the other updates and patches? Even
| after going to the Windows update page, and running the search for needed
| updates, this didn't show up, and is not found in the update history of the
| XP system. Is this a real email or a hoax getting me to install malicious
| codes?
| --
| Terry
|

Thanks you so much for the link to Microsoft that explains this email in
depth to me. The example it shows in the site is the exact one I received,
except for the fact it has been updated with the year 2007 at the bottom,
instead of 2003 in the example. I wish this was easier to find, as I believe
many people will be duped by this, as it looks so official. I am going to
pass this particular link to the page to my friends so that they are not
swept into this dangerous scam.


--
Terry


"TaurArian" wrote:

> Microsoft NEVER sends Email updates -
> http://www.microsoft.com/technet/sec...atch_hoax.mspx
>
> --
> ====================================
> TaurArian [MVP] 2005-2008 - Australia
> ====================================
> How to ask a question: http://support.microsoft.com/kb/555375
> http://taurarian.mvps.org/index.htm
> Emails will not be acknowledged - please post to the newsgroup so all may benefit.
>
>
> "Terry" <Terry@discussions.microsoft.com> wrote in message
> news:ECB37276-C699-4A86-82DC-73E5964186D5@microsoft.com...
> |I received a suspicious email from Microsoft, and even my Live Hotmail didn't
> | like the attached download links, and it said in a roughly stated note, that
> | I had to download and install this: "December 2007, Cumulative Patch"
> |
> | The email had this message:
> |
> | "Microsoft Customer
> |
> | this is the latest version of security update, the "December 2007,
> | Cumulative Patch" update which resolves all known security vulnerabilities
> | affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
> | three newly discovered vulnerabilities. Install now to protect your computer
> | from these vulnerabilities, the most serious of which could allow an
> | malicious user to run code on your computer. This update includes the
> | functionality of all previously released patches."
> |
> | There are 3 attachments, which the email security stated: "Windows Live
> | Hotmail has blocked some attachments in this mail because they appear unsafe."
> |
> | Question: If this is a needed update, for security reasons, why doesn't
> | this run in the automatic mode like all the other updates and patches? Even
> | after going to the Windows update page, and running the search for needed
> | updates, this didn't show up, and is not found in the update history of the
> | XP system. Is this a real email or a hoax getting me to install malicious
> | codes?
> | --
> | Terry
> |
>
>
>

Terry wrote:
> Thanks you so much for the link to Microsoft that explains this email in
> depth to me. The example it shows in the site is the exact one I received,
> except for the fact it has been updated with the year 2007 at the bottom,
> instead of 2003 in the example. I wish this was easier to find, as I believe
> many people will be duped by this, as it looks so official. I am going to
> pass this particular link to the page to my friends so that they are not
> swept into this dangerous scam.
>
>
You should take note that this happens with a lot of different web
entities not just microsoft. Always be suspicious of things purportedly
from your bank, paypal, etc. etc.

--
Dave T.

In the 60's, people took LSD to make the world weird. Now
the world is weird and people take Prozac to make it normal.