MS email security update request???

I received the email shown below with the MS logo, header and links to MS.
The email said to download and install the file: Q267437.exe

Is this email really from MS? I've never seen MS distribute Windows
security update by email.

Please let me know!
Thanks,
Earl

Here is the email.

Microsoft User

this is the latest version of security update, the "January 2005, Cumulative
Patch" update which resolves all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain
the security of your computer from these vulnerabilities, the most serious of
which could allow an attacker to run code on your system. This update
includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest
opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found
on the Microsoft Technical Support web site. For security-related information
about Microsoft products, please visit the Microsoft Security Advisor web
site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail
address and we are unable to respond to any replies.

Additional info on this email from MS.
It was sent from:
It was sent to: (which isn't my email address).

Is there a problem here?


"eeh" wrote:

> I received the email shown below with the MS logo, header and links to MS.
> The email said to download and install the file: Q267437.exe
>
> Is this email really from MS? I've never seen MS distribute Windows
> security update by email.
>
> Please let me know!
> Thanks,
> Earl
>
> Here is the email.
>
> Microsoft User
>
> this is the latest version of security update, the "January 2005, Cumulative
> Patch" update which resolves all known security vulnerabilities affecting MS
> Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain
> the security of your computer from these vulnerabilities, the most serious of
> which could allow an attacker to run code on your system. This update
> includes the functionality of all previously released patches.
>
>
> System requirements Windows 95/98/Me/2000/NT/XP
> This update applies to MS Internet Explorer, version 4.01 and later
> MS Outlook, version 8.00 and later
> MS Outlook Express, version 4.01 and later
> Recommendation Customers should install the patch at the earliest
> opportunity.
> How to install Run attached file. Choose Yes on displayed dialog box.
> How to use You don't need to do anything after installing this item.
>
> Microsoft Product Support Services and Knowledge Base articles can be found
> on the Microsoft Technical Support web site. For security-related information
> about Microsoft products, please visit the Microsoft Security Advisor web
> site, or Contact Us.
>
> Thank you for using Microsoft products.
>
> Please do not reply to this message. It was sent from an unmonitored e-mail
> address and we are unable to respond to any replies.

Hi eeh,

No, that email is definitely NOT from MS, so DO NOT run the attachment!
Have a look at "How to Tell If a Microsoft Security-Related Message Is
Genuine":
http://www.microsoft.com/security/in...cate_mail.mspx



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"eeh" <earlhmail-> wrote in message
news:9AAEA370-B6E2-406D-AEEE-...
> I received the email shown below with the MS logo, header and links to MS.
> The email said to download and install the file: Q267437.exe
>
> Is this email really from MS? I've never seen MS distribute Windows
> security update by email.
>
> Please let me know!
> Thanks,
> Earl
>
> Here is the email.
>
> Microsoft User
>
> this is the latest version of security update, the "January 2005,
Cumulative
> Patch" update which resolves all known security vulnerabilities affecting
MS
> Internet Explorer, MS Outlook and MS Outlook Express. Install now to
maintain
> the security of your computer from these vulnerabilities, the most serious
of
> which could allow an attacker to run code on your system. This update
> includes the functionality of all previously released patches.
>
>
> System requirements Windows 95/98/Me/2000/NT/XP
> This update applies to MS Internet Explorer, version 4.01 and later
> MS Outlook, version 8.00 and later
> MS Outlook Express, version 4.01 and
later
> Recommendation Customers should install the patch at the earliest
> opportunity.
> How to install Run attached file. Choose Yes on displayed dialog box.
> How to use You don't need to do anything after installing this item.
>
> Microsoft Product Support Services and Knowledge Base articles can be
found
> on the Microsoft Technical Support web site. For security-related
information
> about Microsoft products, please visit the Microsoft Security Advisor web
> site, or Contact Us.
>
> Thank you for using Microsoft products.
>
> Please do not reply to this message. It was sent from an unmonitored
e-mail
> address and we are unable to respond to any replies.

That Q number returns 2 hits on Google, neither applies to
IE.


"eeh" <earlhmail-> wrote in message
news:EDE1888D-4839-4101-AAE2-...
| Additional info on this email from MS.
| It was sent from:
| It was sent to: (which isn't
my email address).
|
| Is there a problem here?
|
|
| "eeh" wrote:
|
| > I received the email shown below with the MS logo,
header and links to MS.
| > The email said to download and install the file:
Q267437.exe
| >
| > Is this email really from MS? I've never seen MS
distribute Windows
| > security update by email.
| >
| > Please let me know!
| > Thanks,
| > Earl
| >
| > Here is the email.
| >
| > Microsoft User
| >
| > this is the latest version of security update, the
"January 2005, Cumulative
| > Patch" update which resolves all known security
vulnerabilities affecting MS
| > Internet Explorer, MS Outlook and MS Outlook Express.
Install now to maintain
| > the security of your computer from these
vulnerabilities, the most serious of
| > which could allow an attacker to run code on your
system. This update
| > includes the functionality of all previously released
patches.
| >
| >
| > System requirements Windows 95/98/Me/2000/NT/XP
| > This update applies to MS Internet Explorer, version
4.01 and later
| > MS Outlook, version
8.00 and later
| > MS Outlook Express,
version 4.01 and later
| > Recommendation Customers should install the patch at
the earliest
| > opportunity.
| > How to install Run attached file. Choose Yes on
displayed dialog box.
| > How to use You don't need to do anything after
installing this item.
| >
| > Microsoft Product Support Services and Knowledge Base
articles can be found
| > on the Microsoft Technical Support web site. For
security-related information
| > about Microsoft products, please visit the Microsoft
Security Advisor web
| > site, or Contact Us.
| >
| > Thank you for using Microsoft products.
| >
| > Please do not reply to this message. It was sent from an
unmonitored e-mail
| > address and we are unable to respond to any replies.

Patti,
Thanks for the info. That email was very MS looking. I guess they coppied
the logo and links from MS's website. It would be very easy for an
unsuspecting person to execute the file thinking they were following MS
instructions.
Earl


"Patti MacLeod" wrote:

> Hi eeh,
>
> No, that email is definitely NOT from MS, so DO NOT run the attachment!
> Have a look at "How to Tell If a Microsoft Security-Related Message Is
> Genuine":
> http://www.microsoft.com/security/in...cate_mail.mspx
>
>
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
>
> "eeh" <earlhmail-> wrote in message
> news:9AAEA370-B6E2-406D-AEEE-...
> > I received the email shown below with the MS logo, header and links to MS.
> > The email said to download and install the file: Q267437.exe
> >
> > Is this email really from MS? I've never seen MS distribute Windows
> > security update by email.
> >
> > Please let me know!
> > Thanks,
> > Earl
> >
> > Here is the email.
> >
> > Microsoft User
> >
> > this is the latest version of security update, the "January 2005,
> Cumulative
> > Patch" update which resolves all known security vulnerabilities affecting
> MS
> > Internet Explorer, MS Outlook and MS Outlook Express. Install now to
> maintain
> > the security of your computer from these vulnerabilities, the most serious
> of
> > which could allow an attacker to run code on your system. This update
> > includes the functionality of all previously released patches.
> >
> >
> > System requirements Windows 95/98/Me/2000/NT/XP
> > This update applies to MS Internet Explorer, version 4.01 and later
> > MS Outlook, version 8.00 and later
> > MS Outlook Express, version 4.01 and
> later
> > Recommendation Customers should install the patch at the earliest
> > opportunity.
> > How to install Run attached file. Choose Yes on displayed dialog box.
> > How to use You don't need to do anything after installing this item.
> >
> > Microsoft Product Support Services and Knowledge Base articles can be
> found
> > on the Microsoft Technical Support web site. For security-related
> information
> > about Microsoft products, please visit the Microsoft Security Advisor web
> > site, or Contact Us.
> >
> > Thank you for using Microsoft products.
> >
> > Please do not reply to this message. It was sent from an unmonitored
> e-mail
> > address and we are unable to respond to any replies.
>
>
>

Earl,

NO. Please do NOT open any attachments from this file. I will research it
further, but our updates are sent through Windows Update, Software Update
Services, Automatic Updates, or the Windows Catalog. We do not send these
updates as advertisements over email. The only reference I found was to a
non-security update regarding Sierra Print Artist Platinum 4.5. It is NOT a
security update. I do invite you to take the computer that received it, go
to http://windowsupdate.microsoft.com, and scan for updates. Look under the
optional updates, if there are any. You may actually find this update
offered to you.

I would also invite you to forward that message to me here at Microsoft.
Please send to a- (take off the "online." to
prevent SPAM email software from grabbing and sending).

I will be happy to forward it on to our resident experts on fake email and
virus attacks, and see what they think. Did this email have an attachment,
or just invite you through a link to go get this update?

Sincerely,

Pat Walters [MSFT]

"eeh" <earlhmail-> wrote in message
news:9AAEA370-B6E2-406D-AEEE-...
> I received the email shown below with the MS logo, header and links to MS.
> The email said to download and install the file: Q267437.exe
>
> Is this email really from MS? I've never seen MS distribute Windows
> security update by email.
>
> Please let me know!
> Thanks,
> Earl
>
> Here is the email.
>
> Microsoft User
>
> this is the latest version of security update, the "January 2005,
Cumulative
> Patch" update which resolves all known security vulnerabilities affecting
MS
> Internet Explorer, MS Outlook and MS Outlook Express. Install now to
maintain
> the security of your computer from these vulnerabilities, the most serious
of
> which could allow an attacker to run code on your system. This update
> includes the functionality of all previously released patches.
>
>
> System requirements Windows 95/98/Me/2000/NT/XP
> This update applies to MS Internet Explorer, version 4.01 and later
> MS Outlook, version 8.00 and later
> MS Outlook Express, version 4.01 and
later
> Recommendation Customers should install the patch at the earliest
> opportunity.
> How to install Run attached file. Choose Yes on displayed dialog box.
> How to use You don't need to do anything after installing this item.
>
> Microsoft Product Support Services and Knowledge Base articles can be
found
> on the Microsoft Technical Support web site. For security-related
information
> about Microsoft products, please visit the Microsoft Security Advisor web
> site, or Contact Us.
>
> Thank you for using Microsoft products.
>
> Please do not reply to this message. It was sent from an unmonitored
e-mail
> address and we are unable to respond to any replies.

Patti,
In the link you provided, the header: Example of a Fake Bulletin
is exactly what my email looked like except it was updated with current
dates and products. Thanks again

"Patti MacLeod" wrote:

> Hi eeh,
>
> No, that email is definitely NOT from MS, so DO NOT run the attachment!
> Have a look at "How to Tell If a Microsoft Security-Related Message Is
> Genuine":
> http://www.microsoft.com/security/in...cate_mail.mspx
>
>
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
>
> "eeh" <earlhmail-> wrote in message
> news:9AAEA370-B6E2-406D-AEEE-...
> > I received the email shown below with the MS logo, header and links to MS.
> > The email said to download and install the file: Q267437.exe
> >
> > Is this email really from MS? I've never seen MS distribute Windows
> > security update by email.
> >
> > Please let me know!
> > Thanks,
> > Earl
> >
> > Here is the email.
> >
> > Microsoft User
> >
> > this is the latest version of security update, the "January 2005,
> Cumulative
> > Patch" update which resolves all known security vulnerabilities affecting
> MS
> > Internet Explorer, MS Outlook and MS Outlook Express. Install now to
> maintain
> > the security of your computer from these vulnerabilities, the most serious
> of
> > which could allow an attacker to run code on your system. This update
> > includes the functionality of all previously released patches.
> >
> >
> > System requirements Windows 95/98/Me/2000/NT/XP
> > This update applies to MS Internet Explorer, version 4.01 and later
> > MS Outlook, version 8.00 and later
> > MS Outlook Express, version 4.01 and
> later
> > Recommendation Customers should install the patch at the earliest
> > opportunity.
> > How to install Run attached file. Choose Yes on displayed dialog box.
> > How to use You don't need to do anything after installing this item.
> >
> > Microsoft Product Support Services and Knowledge Base articles can be
> found
> > on the Microsoft Technical Support web site. For security-related
> information
> > about Microsoft products, please visit the Microsoft Security Advisor web
> > site, or Contact Us.
> >
> > Thank you for using Microsoft products.
> >
> > Please do not reply to this message. It was sent from an unmonitored
> e-mail
> > address and we are unable to respond to any replies.
>
>
>

You're very welcome, eeh :-)

You are correct, those emails certainly do look genuine........thank
goodness you had the foresight to question it instead of simply running the
attachment.




Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"eeh" <earlhmail-> wrote in message
news:64B257B6-5FC5-4604-8CEB-...
> Patti,
> In the link you provided, the header: Example of a Fake Bulletin
> is exactly what my email looked like except it was updated with current
> dates and products. Thanks again
>
> "Patti MacLeod" wrote:
>
> > Hi eeh,
> >
> > No, that email is definitely NOT from MS, so DO NOT run the attachment!
> > Have a look at "How to Tell If a Microsoft Security-Related Message Is
> > Genuine":
> > http://www.microsoft.com/security/in...cate_mail.mspx
> >
> >
> >
> > Regards,
> >
> > --
> > Patti MacLeod
> > Microsoft MVP - Windows Shell/User
> >
> > "eeh" <earlhmail-> wrote in message
> > news:9AAEA370-B6E2-406D-AEEE-...
> > > I received the email shown below with the MS logo, header and links to
MS.
> > > The email said to download and install the file: Q267437.exe
> > >
> > > Is this email really from MS? I've never seen MS distribute Windows
> > > security update by email.
> > >
> > > Please let me know!
> > > Thanks,
> > > Earl
> > >
> > > Here is the email.
> > >
> > > Microsoft User
> > >
> > > this is the latest version of security update, the "January 2005,
> > Cumulative
> > > Patch" update which resolves all known security vulnerabilities
affecting
> > MS
> > > Internet Explorer, MS Outlook and MS Outlook Express. Install now to
> > maintain
> > > the security of your computer from these vulnerabilities, the most
serious
> > of
> > > which could allow an attacker to run code on your system. This update
> > > includes the functionality of all previously released patches.
> > >
> > >
> > > System requirements Windows 95/98/Me/2000/NT/XP
> > > This update applies to MS Internet Explorer, version 4.01 and later
> > > MS Outlook, version 8.00 and later
> > > MS Outlook Express, version 4.01
and
> > later
> > > Recommendation Customers should install the patch at the earliest
> > > opportunity.
> > > How to install Run attached file. Choose Yes on displayed dialog box.
> > > How to use You don't need to do anything after installing this item.
> > >
> > > Microsoft Product Support Services and Knowledge Base articles can be
> > found
> > > on the Microsoft Technical Support web site. For security-related
> > information
> > > about Microsoft products, please visit the Microsoft Security Advisor
web
> > > site, or Contact Us.
> > >
> > > Thank you for using Microsoft products.
> > >
> > > Please do not reply to this message. It was sent from an unmonitored
> > e-mail
> > > address and we are unable to respond to any replies.
> >
> >
> >