Update Warning I got from Microsoft

From: Microsoft <windowssecurity@email.microsoft.com>
To: [email]xxxxxx@yahoo.com[/email]
Subject: Security Update for Microsoft Windows
Date: 04 Aug 2003 16:03:01 -0700

*** PLEASE NOTE: Due to the critical importance of this message,
this communication is being sent to all of our Microsoft customers
to alert you of this Security Bulletin. ***

It has been widely reported in the press and on Microsoft's own web
site, that on July 16th we released a critical security bulletin
(MS03-026) and a patch regarding a vulnerability in the Windows
operating system. We wanted to make sure that if you were not aware
of this bulletin and corresponding patch that you take a moment to
go to:
http://email.microsoft.com/m/s.asp?HB9707231354X2612303X228387X
to find out if you are running an affected version of the Windows
operating system and get the specific information as to what you
need to do to apply this patch if you have not already.

Although we encourage you to pay attention to all security bulletins
and to deploy patches in a timely manner we wanted to call special
attention to this particular instance as we have become aware of
some activity on the internet that we believe increases the
likelihood of the exploitation of this vulnerability. Specifically,
code has been published on several web sites that would allow
someone to spread a worm/virus that takes advantage of the
vulnerability in question thereby impacting your
computing environment.

Although it is our goal to produce the most secure and dependable
products possible, we do become aware of these types of
vulnerabilities. In order to minimize the risks of such
vulnerabilities to your computing environment, we encourage you to
subscribe to the Windows Update service by going to:
http://email.microsoft.com/m/s.asp?HB9707231354X2612304X228387X
and also subscribe to Microsoft's security notification service at:
http://email.microsoft.com/m/s.asp?HB9707231354X2612305X228387X
if you have not already. By subscribing to these two services you
will automatically receive information on the latest software
updates and the latest security notifications thereby improving the
likelihood that your computing environment will be safe from worms
and viruses that occur.

We apologize for any inconvenience the implementation of this patch
might cause and appreciate you taking the time to update
your system.

Thank you,
Microsoft Corporation

Weird that email is for marketing supposedly:

Email.Microsoft.com is a Microsoft-owned domain used solely for the delivery of marketing e-mail by Microsoft partner Digital Impact, the premier provider of online direct marketing solutions for enterprises. At Microsoft, we are committed to protecting your privacy and to utilizing technology that gives you the most powerful and secure online experience. If you received Microsoft-branded marketing e-mail from Digital Impact, you can trust it was sent on Microsoft’s behalf.

Yeah, its an old old mailing list I subscribed to. They subcontract a lot of that out. In fact I think their whole web site is run by a subcontractor. They got some bad PR a few years ago when someone pointed out that the site was being hosted on BSD Unix machines. They've fixed that I think.

I also got updates on this one from the NTBUGTRAQ mailing list, which is mostly for sysadmins.

Apparently people who run Windows based web servers and things are scrambling to stay ahead of this one.

Only problem is , the way to be safe is to turn off a bunch of functionality:

http://support.microsoft.com/default.aspx?scid=kb;en-us;825750

Since I'm only using Windows to run SL at the moment I don't think I have much to worry about. But I'm warning my Windows buddies

For client systems the normal Windows Update will take care of this I think.