Money Matters - Simplified

Windows security update email spreads malware

The malware can affect systems running Windows XP, Vista, Server 2003 and Server 2008. Windows 7 and Windows Server 2008 R2 are not at risk.

Received a mail from Microsoft lately and wondering if it's routine Tuesday security patch? Hold on, as the email is nothing more than a corrupted file that can run malware on your system.

As technology giant's first Tuesday security patch for 2011 is scheduled for Jan. 11, the hackers have tried to exploit Microsoft's routine of releasing updates on Tuesday to attack the users' computers.

Microsoft has confirmed that the vulnerability exists in the Windows Graphics Rendering Engine, and to exploit this, the hacker must be able to convince user to view a malicious web page or malicious Word or PowerPoint file.

Malware email
The email titled 'Update your Windows,' reads, “Please notice that the Microsoft company has recently issued a Security Update for OS Microsoft Windows.”

The update is recommended for Microsoft's versions like Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, and Microsoft Windows 7.

Calling the update a “high priority,” the letter advises users to install updates to improve their “computer's security and decrease the possibility of infection.”

For the update, the mail suggests users to download and run KB453396-ENU.exe update file.

To make the email look authentic, signature section carries the name of Steve Lipner, Microsoft's director of security assurance.

Microsoft confirms Windows flaws
Following the circulation of fake security email, Microsoft in its advisory warned users of the unpatched Windows flaws.

The technology giant stated that it is looking into the reports of Windows flaw, confirming that a hacker “could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights”

Microsoft has confirmed that the vulnerability exists in the Windows Graphics Rendering Engine, and to exploit this, the hacker must be able to convince user to view a malicious web page or malicious Word or PowerPoint file.

The malware can affect systems running Windows XP, Vista, Server 2003 and Server 2008. Windows 7 and Windows Server 2008 R2 are not at risk.

In company's blog post, Angela Gunn, Microsoft senior marketing communications manager for Trustworthy Computing, stated that they are working on a patch to fix the flaw.

Elementary mistakes in email
A Windows users who is aware of Microsoft's functioning can easily make out that the email is not genuine.

Firstly, the information on security update is an attachment but Microsoft never sends security updates via attachments.

Another mistake is in the forged email header. Graham Cluley of Naked Security blog states that the mail has come from no-reply@microsft.com. Here Microsoft's domain name has been spelt incorrectly.