
iis security : how to tell if an email from MS is real or a hoax?


Ellen
9/20/2003 7:16:14 PM
I received this, and several e-mails like this, and can't
tell if it and the exe file it contains is really from MS
or a spoof. Somewhere on the MS site it says: beware of
hoaxes; MS will not usually send complete files, but will
direct you to the link you need. This is what the e-mail
contained:


MS Customer

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express. Install now to
help protect your computer from these vulnerabilities, the
most serious of which could allow an attacker to run code
on your system. This update includes the functionality of
all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01
and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on displayed
dialog box.
How to use You don't need to do anything after installing
this item.

Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about Microsoft
products, please visit the Microsoft Security Advisor web
site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to
any replies.
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of

alun NO[at]SPAM texis.com
9/22/2003 7:39:44 PM
In article <04b301c37fe6$555f4b20$a301280a@phx.gbl>, "Ellen"

Okay, the key here is that MS will _not_ send complete files.

Everything that Microsoft issues for public consumption is available from
their web site, or by ordering from them on CD.

Never open anything that you get in your email that "comes from Microsoft",
because if you didn't sign up specifically to receive it, you won't get it.
Microsoft doesn't send spam [they might blur the lines a little by sending
you an email that's only vaguely related to the list you signed up to, but
that's more a matter of interpretation].

Even those of us signed up to receive security bulletins and other
notifications have not yet received a file in our email from Microsoft.
They won't do it, because they know that too many viruses propagate that
way, and you have _no_ way of knowing whether or not the message came from
Microsoft.

If you ever receive a message that you think might be from Microsoft, urging
that you run this or that upgrade, delete the message, open up Windows
Update (or visit the web site and go searching, if you feel like it), and
see if it offers anything for download. Every time I've received a security
bulletin in my email, the Windows Update site has the software ready for
download.

Remember, Microsoft's customers are a big, shiny, red target, as far as
virus writers are concerned. As a target, it's your responsibility to take
evasive action. Be distrustful. Download the patches yourself, from what
you _know_ to be Microsoft's web site, not from what you _think_ might be
Microsoft's email.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
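
The rule from the reply above (Microsoft does not mail complete files, and the message itself cannot prove who sent it) written as a mail-filter check. This is an added example, not part of the original thread; the extension and keyword lists, the action names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list
VENDOR_WORDS = ("microsoft", "ms customer")                  # assumed list

def executable_attachments(msg):
    """Names of leaf parts that look executable by extension or MZ header."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXEC_EXT) or data[:2] == b"MZ":
            hits.append(name or "(unnamed)")
    return hits

def claims_vendor(msg):
    """True if From, Subject or the text body presents the mail as Microsoft's.
    The From header is never trusted as proof of origin, only read as a claim."""
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}"
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        text += " " + body.get_content()
    return any(w in text.lower() for w in VENDOR_WORDS)

def verdict(raw):
    """Return (action, filenames) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    files = executable_attachments(msg)
    if files and claims_vendor(msg):
        return "quarantine", files   # vendor-branded mail carrying a program
    return ("review" if files else "pass"), files

def build_sample(attach, branded=True):
    """Constructed test message; sender, addresses and file are made up."""
    m = EmailMessage()
    m["From"] = "MS Security <update@example.invalid>" if branded else "a@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Latest security update" if branded else "hello"
    m.set_content("MS Customer, run attached file." if branded else "see file")
    if attach:
        m.add_attachment(b"MZ constructed, not a real binary",
                         maintype="application", subtype="octet-stream",
                         filename="patch.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(build_sample(attach=True)))
```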