Jeffrey
Fri Apr 16 13:03:45 CDT 2004
Microsoft regularly sends e-mail to subscribers of our security e-mail
notification services when we release a Microsoft Security Bulletin.
Unfortunately, malicious individuals have been known to send bogus bulletins
that appear to be coming from Microsoft, a tactic known as spoofing. Some of
these messages lure recipients to malicious websites to download malicious
code, while others include a file attachment containing a virus.
Fortunately, there are ways to spot the imposters. Here's how to verify that
a Microsoft security-related message you receive is legitimate:
a.. The message contains no attachments. Authentic Microsoft Security
Bulletin notifications never include software updates as attachments.
b.. The message is digitally signed. The Microsoft Security Response
Center always signs its bulletin notifications before distributing them. You
can verify the signature by using the key published on Microsoft TechNet.
a.. Verify the digital signature on TechNet
c.. The bulletin is listed on Microsoft.com. We never send notices about
security updates until after we publish information about them on our
website. If you are ever in doubt about the authenticity of a Microsoft
Security Bulletin notice, check TechNet to see if the bulletin is listed
there.
a.. Review the list of recent bulletins
The above is from the Microsoft web site:
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Jeff Jones <jrjones@online.microsoft.com>
"sue" <susan.atwill@tiscali.co.ukdiscussions.microsoft.com> wrote in message
news:1da1401c423da$455be6f0$a501280a@phx.gbl...
>i keep receiving an email from microsoft advising me this
> is an april 2004 cumulative patch for security update is
> this safe to open it has attachments but i'm not 100% its
> a valid email as i was told microsoft don't email
> patches. please advise