Email from Microsoft (?)

Hi all,

I've recently signed up to receive the MS newsletters and alerts so that I
can start to learn more about security issues in depth. Once I'm past my SBS
exam I intend to take courses in the security side, but for now I'm no expert
and relatively new to the "MS way" ...

I received an email this morning claiming to be from Microsoft with the
subject "Microsoft Security Bulletin Minor Revisions". It doesn't look
professional, beginning with text ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 16, 2007
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-027
* MS07-025
* MS07-023

Bulletin Information:
=====================

* MS07-027

- http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
- Reason for Revision: Bulletin revised due to an incorrect file
name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
killbit table; A new issue discovered with the security
update: 937409 The "File Download - Security Warning" dialog
box opens when you try to open Internet Explorer 7; Updated
file names for Internet Explorer 7
- Originally posted: May 8, 2007
- Updated: May 16, 2007
- Bulletin Severity Rating: Critical
- Version: 1.2

Anyway - I wondered 2 things ...

1. How do I check that it's actually from Microsoft and not a spoofed send
address (I have SBS2003 R2 SP2 installed but I haven't yet configured the IMF
to check the Sender ID - how do I check that manually ?)

2. How do I check that the links in the email actually point to where they
say they point to (ok I have IE7 which SHOULD prevent phishing attacks right?
but again I'm interested to know how to assure myself manually)

Thanks all. Sorry if these are dumb questions or posted in the wrong place.

NewellWhite
Thu May 17 02:53:01 CDT 2007

1) Can't help

2) Configure e-mail client to show all messages as text, not html. Copy and
paste text version of link into web browser address bar. This is known as a
WYSIWYG hyperlink, and is preferable to a blind jump into hyperspace!
--
Newell White


"Mick Jennings" wrote:

> Hi all,
>
> I've recently signed up to receive the MS newsletters and alerts so that I
> can start to learn more about security issues in depth. Once I'm past my SBS
> exam I intend to take courses in the security side, but for now I'm no expert
> and relatively new to the "MS way" ...
>
> I received an email this morning claiming to be from Microsoft with the
> subject "Microsoft Security Bulletin Minor Revisions". It doesn't look
> professional, beginning with text ...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ********************************************************************
> Title: Microsoft Security Bulletin Minor Revisions
> Issued: May 16, 2007
> ********************************************************************
>
> Summary
> =======
> The following bulletins have undergone a minor revision increment.
> Please see the appropriate bulletin for more details.
>
> * MS07-027
> * MS07-025
> * MS07-023
>
> Bulletin Information:
> =====================
>
> * MS07-027
>
> - http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
> - Reason for Revision: Bulletin revised due to an incorrect file
> name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
> killbit table; A new issue discovered with the security
> update: 937409 The "File Download - Security Warning" dialog
> box opens when you try to open Internet Explorer 7; Updated
> file names for Internet Explorer 7
> - Originally posted: May 8, 2007
> - Updated: May 16, 2007
> - Bulletin Severity Rating: Critical
> - Version: 1.2
>
> Anyway - I wondered 2 things ...
>
> 1. How do I check that it's actually from Microsoft and not a spoofed send
> address (I have SBS2003 R2 SP2 installed but I haven't yet configured the IMF
> to check the Sender ID - how do I check that manually ?)
>
> 2. How do I check that the links in the email actually point to where they
> say they point to (ok I have IE7 which SHOULD prevent phishing attacks right?
> but again I'm interested to know how to assure myself manually)
>
> Thanks all. Sorry if these are dumb questions or posted in the wrong place.

MickJennings
Thu May 17 03:10:00 CDT 2007

:-) Thanks

"Newell White" wrote:

> 1) Can't help
>
> 2) Configure e-mail client to show all messages as text, not html. Copy and
> paste text version of link into web browser address bar. This is known as a
> WYSIWYG hyperlink, and is preferable to a blind jump into hyperspace!
> --
> Newell White
>
>
> "Mick Jennings" wrote:
>
> > Hi all,
> >
> > I've recently signed up to receive the MS newsletters and alerts so that I
> > can start to learn more about security issues in depth. Once I'm past my SBS
> > exam I intend to take courses in the security side, but for now I'm no expert
> > and relatively new to the "MS way" ...
> >
> > I received an email this morning claiming to be from Microsoft with the
> > subject "Microsoft Security Bulletin Minor Revisions". It doesn't look
> > professional, beginning with text ...
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > ********************************************************************
> > Title: Microsoft Security Bulletin Minor Revisions
> > Issued: May 16, 2007
> > ********************************************************************
> >
> > Summary
> > =======
> > The following bulletins have undergone a minor revision increment.
> > Please see the appropriate bulletin for more details.
> >
> > * MS07-027
> > * MS07-025
> > * MS07-023
> >
> > Bulletin Information:
> > =====================
> >
> > * MS07-027
> >
> > - http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
> > - Reason for Revision: Bulletin revised due to an incorrect file
> > name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
> > killbit table; A new issue discovered with the security
> > update: 937409 The "File Download - Security Warning" dialog
> > box opens when you try to open Internet Explorer 7; Updated
> > file names for Internet Explorer 7
> > - Originally posted: May 8, 2007
> > - Updated: May 16, 2007
> > - Bulletin Severity Rating: Critical
> > - Version: 1.2
> >
> > Anyway - I wondered 2 things ...
> >
> > 1. How do I check that it's actually from Microsoft and not a spoofed send
> > address (I have SBS2003 R2 SP2 installed but I haven't yet configured the IMF
> > to check the Sender ID - how do I check that manually ?)
> >
> > 2. How do I check that the links in the email actually point to where they
> > say they point to (ok I have IE7 which SHOULD prevent phishing attacks right?
> > but again I'm interested to know how to assure myself manually)
> >
> > Thanks all. Sorry if these are dumb questions or posted in the wrong place.

Roger
Thu May 17 03:20:00 CDT 2007


verify the PGP signing


"Mick Jennings" <MickJennings@discussions.microsoft.com> wrote in message
news:1D2E16DF-BBE9-4177-B68F-324BA702505E@microsoft.com...
> Hi all,
>
> I've recently signed up to receive the MS newsletters and alerts so that I
> can start to learn more about security issues in depth. Once I'm past my
> SBS
> exam I intend to take courses in the security side, but for now I'm no
> expert
> and relatively new to the "MS way" ...
>
> I received an email this morning claiming to be from Microsoft with the
> subject "Microsoft Security Bulletin Minor Revisions". It doesn't look
> professional, beginning with text ...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ********************************************************************
> Title: Microsoft Security Bulletin Minor Revisions
> Issued: May 16, 2007
> ********************************************************************
>
> Summary
> =======
> The following bulletins have undergone a minor revision increment.
> Please see the appropriate bulletin for more details.
>
> * MS07-027
> * MS07-025
> * MS07-023
>
> Bulletin Information:
> =====================
>
> * MS07-027
>
> - http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
> - Reason for Revision: Bulletin revised due to an incorrect file
> name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
> killbit table; A new issue discovered with the security
> update: 937409 The "File Download - Security Warning" dialog
> box opens when you try to open Internet Explorer 7; Updated
> file names for Internet Explorer 7
> - Originally posted: May 8, 2007
> - Updated: May 16, 2007
> - Bulletin Severity Rating: Critical
> - Version: 1.2
>
> Anyway - I wondered 2 things ...
>
> 1. How do I check that it's actually from Microsoft and not a spoofed send
> address (I have SBS2003 R2 SP2 installed but I haven't yet configured the
> IMF
> to check the Sender ID - how do I check that manually ?)
>
> 2. How do I check that the links in the email actually point to where they
> say they point to (ok I have IE7 which SHOULD prevent phishing attacks
> right?
> but again I'm interested to know how to assure myself manually)
>
> Thanks all. Sorry if these are dumb questions or posted in the wrong
> place.

Alex
Thu May 17 13:45:45 CDT 2007

> but for now I'm no expert and relatively new to the "MS way" ...

Actually, as a general rule Microsoft does not send out random e-mail
(especially about patches and updates and stuff). So if you ever see a mail
purporting to contain a critical patch coming from "Microsoft" you can
pretty much bet money its malware, just like you can bet money a mail from
"paypal" is a scam.

> 1. How do I check that it's actually from Microsoft and not a spoofed send
> address (I have SBS2003 R2 SP2 installed but I haven't yet configured the
> IMF
> to check the Sender ID - how do I check that manually ?)

These days its best to start your morning knowing that any unsolicited mail
is untrusted and treated with utmost caution, period.

> 2. How do I check that the links in the email actually point to where they
> say they point to (ok I have IE7 which SHOULD prevent phishing attacks
> right?
> but again I'm interested to know how to assure myself manually)

Read all mail as plain text. Email "thick" clients allow you to do this.
I've been using Outlook 2007 and its actually pretty nice. My default view
is plain text, but if for some reason I want to see "pretty" HTML formatting
for particularly involved mails, or images, I can turn on HTML viewing in
one click. If you are using a web-based client (hotmail, gmail, whatevah),
you may get to view only in HTML. Today, Hotmail (Live Classic) doesnt allow
a default view as text, which is a bit lame, but you can either hover over a
suspicious link, and the address will be displayed in bottom left (IE) or
cut and paste into a test editor and the meta data for the link should be
displayed.

> Thanks all. Sorry if these are dumb questions or posted in the wrong
> place.

Not dumb, welcome.

Alex

MickJennings
Thu May 17 14:50:01 CDT 2007

Thanks - that's why I was suspicious, this just wasn't up to MS normal
communication standards.

I've turned on Plain Text in Outlook 2007. Out of interest, what's the
one-button click to show as HTML ?

"Alex Krawarik [MSFT]" wrote:

> > but for now I'm no expert and relatively new to the "MS way" ...
>
> Actually, as a general rule Microsoft does not send out random e-mail
> (especially about patches and updates and stuff). So if you ever see a mail
> purporting to contain a critical patch coming from "Microsoft" you can
> pretty much bet money its malware, just like you can bet money a mail from
> "paypal" is a scam.
>
> > 1. How do I check that it's actually from Microsoft and not a spoofed send
> > address (I have SBS2003 R2 SP2 installed but I haven't yet configured the
> > IMF
> > to check the Sender ID - how do I check that manually ?)
>
> These days its best to start your morning knowing that any unsolicited mail
> is untrusted and treated with utmost caution, period.
>
> > 2. How do I check that the links in the email actually point to where they
> > say they point to (ok I have IE7 which SHOULD prevent phishing attacks
> > right?
> > but again I'm interested to know how to assure myself manually)
>
> Read all mail as plain text. Email "thick" clients allow you to do this.
> I've been using Outlook 2007 and its actually pretty nice. My default view
> is plain text, but if for some reason I want to see "pretty" HTML formatting
> for particularly involved mails, or images, I can turn on HTML viewing in
> one click. If you are using a web-based client (hotmail, gmail, whatevah),
> you may get to view only in HTML. Today, Hotmail (Live Classic) doesnt allow
> a default view as text, which is a bit lame, but you can either hover over a
> suspicious link, and the address will be displayed in bottom left (IE) or
> cut and paste into a test editor and the meta data for the link should be
> displayed.
>
> > Thanks all. Sorry if these are dumb questions or posted in the wrong
> > place.
>
> Not dumb, welcome.
>
> Alex
>
>
>

Alex
Thu May 17 14:59:50 CDT 2007

(Outlook 2007)

Open an email message in the client. Across the top is a banner that
displays "This message was converted to plain text." or some such. Right
click the banner, choose "Display as HTML".


"Mick Jennings" <MickJennings@discussions.microsoft.com> wrote in message
news:FEEB9C27-7E3D-46F4-9236-FF0CBE5971EA@microsoft.com...
> Thanks - that's why I was suspicious, this just wasn't up to MS normal
> communication standards.
>
> I've turned on Plain Text in Outlook 2007. Out of interest, what's the
> one-button click to show as HTML ?
>

Jupiter
Thu May 17 19:22:02 CDT 2007

Mick;
Do not expect the same glitz you see in other Microsoft
correspondence.
These security notices are just that and nothing more, very plain by
design.
What you received today is what I regularly receive because I am also
signed up for the same as you.

If you question validity, follow Rogers advice.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Mick Jennings" <MickJennings@discussions.microsoft.com> wrote in
message news:1D2E16DF-BBE9-4177-B68F-324BA702505E@microsoft.com...
> Hi all,
>
> I've recently signed up to receive the MS newsletters and alerts so
> that I
> can start to learn more about security issues in depth. Once I'm
> past my SBS
> exam I intend to take courses in the security side, but for now I'm
> no expert
> and relatively new to the "MS way" ...
>
> I received an email this morning claiming to be from Microsoft with
> the
> subject "Microsoft Security Bulletin Minor Revisions". It doesn't
> look
> professional, beginning with text ...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ********************************************************************
> Title: Microsoft Security Bulletin Minor Revisions
> Issued: May 16, 2007
> ********************************************************************
>
> Summary
> =======
> The following bulletins have undergone a minor revision increment.
> Please see the appropriate bulletin for more details.
>
> * MS07-027
> * MS07-025
> * MS07-023
>
> Bulletin Information:
> =====================
>
> * MS07-027
>
> - http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
> - Reason for Revision: Bulletin revised due to an incorrect file
> name in Arbitrary File Rewrite Vulnerability - CVE-2007-2221
> killbit table; A new issue discovered with the security
> update: 937409 The "File Download - Security Warning" dialog
> box opens when you try to open Internet Explorer 7; Updated
> file names for Internet Explorer 7
> - Originally posted: May 8, 2007
> - Updated: May 16, 2007
> - Bulletin Severity Rating: Critical
> - Version: 1.2
>
> Anyway - I wondered 2 things ...
>
> 1. How do I check that it's actually from Microsoft and not a
> spoofed send
> address (I have SBS2003 R2 SP2 installed but I haven't yet
> configured the IMF
> to check the Sender ID - how do I check that manually ?)
>
> 2. How do I check that the links in the email actually point to
> where they
> say they point to (ok I have IE7 which SHOULD prevent phishing
> attacks right?
> but again I'm interested to know how to assure myself manually)
>
> Thanks all. Sorry if these are dumb questions or posted in the wrong
> place.

Jupiter
Thu May 17 19:24:27 CDT 2007

This message is not random as the OP signed up to receive these
notices.
I get them regularly because I have signed up as well.
Since the OP signed up, it is not unsolicited.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Alex Krawarik [MSFT]" <alexkr@online.microsoft.com> wrote in message
news:OKmXVOLmHHA.4876@TK2MSFTNGP03.phx.gbl...
>> but for now I'm no expert and relatively new to the "MS way" ...
>
> Actually, as a general rule Microsoft does not send out random
> e-mail (especially about patches and updates and stuff). So if you
> ever see a mail purporting to contain a critical patch coming from
> "Microsoft" you can pretty much bet money its malware, just like you
> can bet money a mail from "paypal" is a scam.
>
>> 1. How do I check that it's actually from Microsoft and not a
>> spoofed send
>> address (I have SBS2003 R2 SP2 installed but I haven't yet
>> configured the IMF
>> to check the Sender ID - how do I check that manually ?)
>
> These days its best to start your morning knowing that any
> unsolicited mail is untrusted and treated with utmost caution,
> period.
>
>> 2. How do I check that the links in the email actually point to
>> where they
>> say they point to (ok I have IE7 which SHOULD prevent phishing
>> attacks right?
>> but again I'm interested to know how to assure myself manually)
>
> Read all mail as plain text. Email "thick" clients allow you to do
> this. I've been using Outlook 2007 and its actually pretty nice. My
> default view is plain text, but if for some reason I want to see
> "pretty" HTML formatting for particularly involved mails, or images,
> I can turn on HTML viewing in one click. If you are using a
> web-based client (hotmail, gmail, whatevah), you may get to view
> only in HTML. Today, Hotmail (Live Classic) doesnt allow a default
> view as text, which is a bit lame, but you can either hover over a
> suspicious link, and the address will be displayed in bottom left
> (IE) or cut and paste into a test editor and the meta data for the
> link should be displayed.
>
>> Thanks all. Sorry if these are dumb questions or posted in the
>> wrong place.
>
> Not dumb, welcome.
>
> Alex