PGP Signed MS security bulletins...fail

TheMSsForum.com: The Microsoft Software Forum

I received two MS security bulletins on 10/15 both with the subject:
Microsoft Exchange Server Security Bulletin Summary for October 2003
One talked about an exchange patch, the other talked about MS03-41 through
MS03-45. The information they provided looked legitimate, but **Both**
failed PGP verification with Microsoft's key. Ire-downloaded the key with
same results. Thumbprint matched so that was expected.

I went to technet and found the Oct. article through technet (as if I'd
never seen the email) and went and got the patches OK, but did so with due
skepticism along the way.

Did anyone else have this happen?
--
Jim (for e-mail replace invalid with com)
"Remember, an amateur built the Ark; professionals built the Titanic."
Top

Re: PGP Signed MS security bulletins...fail by Bill

Bill
Tue Oct 21 13:16:42 CDT 2003

I see the same appearance, and am not knowledgable enough about PGP to say
what is happening. I suspect the version difference between what I am
running and what Microsoft is using.

There was a brief thread here about the issue at the time, but no clear
resolution, I thought.

"Jim Nugent" <nuge@execpc.invalid> wrote in message
news:%237LFzRblDHA.2772@TK2MSFTNGP12.phx.gbl...
> I received two MS security bulletins on 10/15 both with the subject:
> Microsoft Exchange Server Security Bulletin Summary for October 2003
> One talked about an exchange patch, the other talked about MS03-41 through
> MS03-45. The information they provided looked legitimate, but **Both**
> failed PGP verification with Microsoft's key. Ire-downloaded the key with
> same results. Thumbprint matched so that was expected.
>
> I went to technet and found the Oct. article through technet (as if I'd
> never seen the email) and went and got the patches OK, but did so with due
> skepticism along the way.
>
> Did anyone else have this happen?
> --
> Jim (for e-mail replace invalid with com)
> "Remember, an amateur built the Ark; professionals built the Titanic."
>
>
>
>


Top

Re: PGP Signed MS security bulletins...fail by S

S
Wed Oct 22 03:31:44 CDT 2003

Generally version of PGP or GPG isn't a problem. If the message cannot be
verified using MSRC public key
(http://www.microsoft.com/technet/security/MSRC.asc), then it's a problem
that needs to be reported to MSRC (secure@microsoft.com)

Details are here:
http://www.microsoft.com/technet/security/bulletin/notify.asp

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:OF4589$lDHA.3320@tk2msftngp13.phx.gbl...
> I see the same appearance, and am not knowledgable enough about PGP to say
> what is happening. I suspect the version difference between what I am
> running and what Microsoft is using.
>
> There was a brief thread here about the issue at the time, but no clear
> resolution, I thought.
>
> "Jim Nugent" <nuge@execpc.invalid> wrote in message
> news:%237LFzRblDHA.2772@TK2MSFTNGP12.phx.gbl...
> > I received two MS security bulletins on 10/15 both with the subject:
> > Microsoft Exchange Server Security Bulletin Summary for October 2003
> > One talked about an exchange patch, the other talked about MS03-41
through
> > MS03-45. The information they provided looked legitimate, but **Both**
> > failed PGP verification with Microsoft's key. Ire-downloaded the key
with
> > same results. Thumbprint matched so that was expected.
> >
> > I went to technet and found the Oct. article through technet (as if I'd
> > never seen the email) and went and got the patches OK, but did so with
due
> > skepticism along the way.
> >
> > Did anyone else have this happen?
> > --
> > Jim (for e-mail replace invalid with com)
> > "Remember, an amateur built the Ark; professionals built the Titanic."
> >
> >
> >
> >
>
>


Top