Vista - Get it Straight! MSFT Has Sent "Alerts"/For Years

Let's clear this up. MSFT does not send attachments as Jones says and MSFT
does not send patches/hotfixesthat you directly click, never has and never
will ***unless you have contacted them for niche hot fixes. There are
hundreds of MSKBS for this practice* and after screening your need for the
niche hotfix mentioned in the MSKB at http://support.microsoft.com , (those
say say "contact us") they will send you a niche hotfix for a particular
problem, always phrased in the KB with the caveat that they are
non-regression tested and they have a standard speil they usually read on
the phone to warn you of this once again. They may or may not fix the
problem. It's software and they haven't been through the full panoply of
usual testing. These are then sent to your inbox as self extracting zip
files with passwords.

MSFT will often send security alerts days to two weeks before their monthly
notifications in these bulletins delivered by a variety of means as Technet
says.

http://www.microsoft.com/technet/sec...in/notify.mspx

Security Bulletin Search Webpage:
http://www.microsoft.com/technet/security/current.aspx

MSFT sends every one of these alerts using MRSC PGP digital signatures as
outlined here:

https://www.microsoft.com/technet/se...letin/pgp.mspx

A quote on PGP Signatures Used from MSFT:

"Verifying Our Digital Signature
Pretty Good Privacy (PGP) is an Internet standard for digitally signing and
encrypting e-mail and other documents. The Microsoft Security Response
Center (MSRC) uses PGP to digitally sign all security notifications.
However, it is not required to read security notifications, read security
bulletins, or install security updates. You can obtain the MSRC public PGP
key at the MSRC PGP Web page. Numerous third-party vendors produce
PGP-compatible applications for a variety of platforms, but Microsoft cannot
recommend the right solution for your environment."

Microsoft Technical Security Notifications
October 11, 2005

http://www.microsoft.com/technet/sec...y.mspx?pf=true

Better protect your computing environment by keeping up to date on Microsoft
technical security notifications. Notifications are available in RSS,
instant message, mobile device, or e-mail format, and are always available
online at TechNet on the Security Bulletin Search Web page.

For Home and Consumers
Learn about newly released and re-released security bulletins. Select from
the following alerts:

E-mail: Security Newsletter for Home Users
Really Simple Syndication: Security At Home
Instant Messenger Alert: Security Update Summary Alerts
Web Site: New Security Information

Most viruses, trojans, and blended threats disguised as MSFT do not infect
you on just opening the email, but I'm sure some could. MSFT is usually
quick to publish them and while the particular virus has been used before in
a hoax, Will should post the entire header and send it to MSFT.

The information could be screen shot and copy pasted and sent to MSFT via
this link:
http://go.microsoft.com/?linkid=2028460

Very wrongly phrased. For years and years MSFT has always sent alerts again
alerts again alerts RR Welcome to Technet and MSFT for years. They have if
anything beefed up the number of ways to get them.

Security Bulletins are here:
http://www.microsoft.com/technet/security/current.aspx

CH


"RoadRunner" <watda****@hotmail.com> wrote in message
news:e0eFtRH$GHA.4428@TK2MSFTNGP04.phx.gbl...
> Microsoft never send alerts with emails
>
>
> "Will" <imagine_44@yahoo.com> wrote in message
> news:E796EFF7-AB01-4E9E-8232-D5E009C88AA8@microsoft.com...
>>I just got an Email It looked identical to an Email from microsoft it
>>ciams to be about a network security patch there is no need to click on
>>anything it infects your computer as soon as you recieve it below are the
>>details
>>
>> Win32:Swen
>> is a worm, spreading through e-mail, shared folders, Kazaa P2P network
>> and IRC. It switches off antiviral and personal firewall software on the
>> infected computers.
>> It fakes the "From:" field in the infected e-mails. The worm length is
>> 106496 bytes. Being runned, the worm copies oneself to the %WINDIR%
>> folder (%WINDIR% is a system variable containing the name of the Windows
>> folder. Usually C:\Windows or C:\WinNT.) as a randomly named file. It
>> creates files named germs0.dbv, swen1.dat and %COMPUTERNAME%.bat
>> (%COMPUTERNAME% is a system variable containing the computer name.) in
>> the %WINDIR% folder. It searches for a number of antiviral and personal
>> firewall programs on the infected computer and tries to stop the found
>> programs. It does changes to the registry database:
>>
>> It creates randomly named item in the key
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, with a
>> value referring to the worm file in the % WINDIR %. This item ensures the
>> worm is started with the Windows.
>>
>> It sets the value of the DisableRegistryTools item in the
>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
>> key to the "1". Thus, Windows registry database editing is disabled.
>> The "default" item in the HKEY_LOCAL_MACHINE\Software\CLASSES\ key
>> subkeys
>> batfile\shell\open\command
>> comfile\shell\open\command
>> exefile\shell\open\command
>> piffile\shell\open\command
>> regfile\shell\open\command
>> scrfile\shell\open\command
>> is modified so, that before running any file with bat, com, exe, pif, reg
>> or scr extension the worm is always runned.
>> It creates randomly named subkey in the key
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\.
>> In the subkey these items are always created:
>> CacheBox Outfit="yes"
>> Installed="...by Begbie"
>> Install Item=the item from the
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key
>> Unfile=randomly generated name of a file, containing the reference to the
>> %ComputerName%.bat file
>> These items might exist:
>> Email Address=the user e-mail address, obtained from the registry
>> database
>> Mirc Install Folder=the folder where the MIRC system resides
>> Server=the SMTP server IP address obtained from the registry database
>> ZipName
>> It the Kazaa P2P system is installed, the worm adds items
>>
>> Dir99= 012345:"the Kazaa shared folder name"
>> DisableSharing="0"
>>
>> to the key HKEY_CURRENT_USER\Software\Kazaa\LocalContent.
>>
>> The running worm checks, if a registry database editor is runned. If so,
>> the worm displays an error message and disables the editor. Periodically,
>> "MAPI32 Exception Error" window is displayed. The window demands input of
>> the mail account parameters - SMTP and POP3 server address, account name
>> and password, user's nickname. This is the MAPI32 Exception Error window:
>>