• Welcome to AppraisersForum.com, the premier online  community for the discussion of real estate appraisal. Register a free account to be able to post and unlock additional forums and features.

Forum Sponsor - a la mode

Learn more about Titan Reports, our new cloud-based formfiller, SmartExchange, Titan Office, and Titan Drive to see how you can revolutionize your appraisal business.

Microsoft Cumulative Patch-Security Update

Status
Not open for further replies.

Doug Smith SRA

Thread Starter
Member
Joined
Jan 16, 2002
Professional Status
Certified General Appraiser
State
Montana
Today I got the following with and *.exe attachment.

I did not go to the website. I checked Symantec web site and did not find this listed.

I don't care from whom I get an attachment, I don't open anything anymore. Anyone know the background of this "patch." It sure looks fishy to me. It looks so good but I don't take any chances.

Here is what I got.

Microsoft Customer,

this is the latest version of security update, the
"23 Mar 2002 Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.


Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.


System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.


For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downlo...cal/default.asp
If you have some questions about this article contact us at [email protected]

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.
 

Jeff Horton

Senior Member
Joined
Jan 15, 2002
Professional Status
Certified Residential Appraiser
State
Alabama
Doug, I seem to remember hearing something about a virus that came as a letter from Micrsoft. I can't remember details but I would will to bet the farm that MS is not emailing out Patches to people!!

I just did a search and found the following at McAfee. Your a smart man. That is a virus.

http://vil.mcafee.com/dispVirus.asp?virus_k=99377&
 

Lawrence Silverman

Freshman Member
Joined
Jan 15, 2002
Professional Status
Certified Residential Appraiser
State
Illinois
MICROSOFT NEVER, NEVER, AND I REPEAT LOUDLY FOR THOSE THAT ARE NOT NET SAVVY, NEVER SENDS OUT ITS PATCHES!!!!! :!: :!:

1) Never download ANY files of any sort from anyone that you were not expecting, even from friends.

2) Get an anti-virus program.

3) Download freeware "Script Defender" from www.analogx.com to protect you.
 

Mountain Man

Elite Member
Joined
Jan 15, 2002
Professional Status
Certified General Appraiser
State
Georgia
DITTO on what Lawrence said.
YOU have to go to THEIR web site to down load patches. Microsoft does not send out notices by e-mail (how can they with millions of users?) Although, you can set YOUR explorer setting to let you know when one is avaliable on their web site.
 

BigBlueGA

Junior Member
Joined
Mar 13, 2002
Professional Status
Certified General Appraiser
State
Georgia
Definately a virus.. read about this one on MSN the other day.

/me readies the delete finger...
 
Status
Not open for further replies.
Find a Real Estate Appraiser - Enter Zip Code

Copyright © 2000-, AppraisersForum.com, All Rights Reserved
AppraisersForum.com is proudly hosted by the folks at
AppraiserSites.com
Top

AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock
No Thanks