Windows Security Update Email Spreads Malware
As technology giant's first Tuesday security patch for 2011 is scheduled for Jan
. 11, the hackers have tried to exploit Microsoft's routine of releasing updates on Tuesday to attack the users' computers.
Microsoft has confirmed that the vulnerability exists in the Windows Graphics Rendering Engine, and to exploit this, the hacker must be able to convince user to view a malicious web page or malicious Word or PowerPoint file.
Malware email
The email titled 'Update your Windows,' reads, "Please notice that the Microsoft company has recently issued a Security Update for OS Microsoft Windows."
The update is recommended for Microsoft's versions like Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, and Microsoft Windows 7.
Calling the update a "high priority," the letter advises users to install updates to improve their "computer's security and decrease the possibility of infection."
For the update, the mail suggests users to download and run KB453396-ENU.exe update file.
To make the email look authentic, signature section carries the name of Steve Lipner, Microsoft's director of security assurance.
Microsoft confirms Windows flaws
Following the circulation of fake security email, Microsoft in its advisory warned users of the unpatched Windows flaws.
The technology giant stated that it is looking into the reports of Windows flaw, confirming that a hacker "could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights"
Microsoft has confirmed that the vulnerability exists in the Windows Graphics Rendering Engine, and to exploit this, the hacker must be able to convince user to view a malicious web page or malicious Word or PowerPoint file.
The malware can affect systems running Windows XP, Vista, Server 2003 and Server 2008. Windows 7 and Windows Server 2008 R2 are not at risk.
In company's blog post, Angela Gunn, Microsoft senior marketing communications manager for Trustworthy Computing, stated that they are working on a patch to fix the flaw.
Elementary mistakes in email
A Windows users who is aware of Microsoft's functioning can easily make out that the email is not genuine.
Firstly, the information on security update is an attachment but Microsoft never sends security updates via attachments.
Another mistake is in the forged email header. Graham Cluley of Naked Security blog states that the mail has come from no-reply@microsft.com. Here Microsoft's domain name has been spelt incorrectly.
by: Ritika
Windows Dress Games In United Kingdom Windows Mobile Phones Price in India Personal Debt Relief Advice – Tips To Eliminate Debt And Repair Credit Repairing Credit After Debt Settlement - The Tax Implications of Settling A Debt Improve Pc Performance With San Francisco Computer Repair Solutions Water heater with a year and a half just does not leak repair? - Water heaters, water leakage, electric water heater - HC Network Appliance Industry "Cfg Not Loaded" Error - Repair it in a Click ! Ieframe Permission Denied Error - Repair it in a Click ! Cfg Failure - Easy Way to Repair ! Credit Repair Doesn't Work - Here's How To Get All Negatives Removed From Your Credit Report Legally! Windshield Repair Basics Windows Vps - Some Vps Related Questions Answered Color Plastic Profile Line Of Standard Doors And Windows Industry To Stimulate The Development Of -