I didn’t include the link. It goes to a web page that immediately tries to download software onto your computer.
There is a “Microsoft Baseline Security Analyzer,” but I can’t think of any legitimate reason why a third-party site would be contacting you, and making you download it from their site and not Microsoft’s.
A search through Google and Symantec didn’t help. It’s obviously fishy, but does anyone know what it is?
The standing rule: Microsoft does not send out emails to users advising them to make any updates unless the user has subscribed to the Microsoft Security Notification Service.
These alerts are exceedingly technical in nature, and while they’re obtuse, the grammar and spelling are perfect. (No “we advice you to install” goofs!) They’re also sent out with a PGP signature. Here’s just a tiny sample from a recent alert:
Summary
Who should read this bulletin: Systems administrators running Microsoft® Windows® 2000
Impact of vulnerability: Run code of attacker’s choice
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the patch immediately
Affected Software: Microsoft Windows 2000
Technical details
Technical description:
Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV, and results because the component contains an unchecked buffer.