Risk: High
As Microsoft releases its latest security bulletin, addressing yet more IE flaws, it has been reported that a Trojan disguised as a Microsoft security patch is circulating. The attachment arrives in an email purportedly sent from Microsoft; opening it gives attackers backdoor entry, enabling them to control victims' PCs. Mass-mailing software is also installed, enabling the worm to spread through Outlook's address book. Microsoft never sends patches as attachments; if the attachment has been opened, the worm can be deleted using anti-virus software.
Microsoft has a section on its website entitled 'How to tell whether a Microsoft-related email message is genuine', available at http://www.microsoft.com/athome/security/email/ms_genuine_mail.mspx
Three IE flaws have been patched in Microsoft's latest security bulletin: one that causes IE to crash if the user visits a specially crafted webpage, and two that enable attackers to remotely control victims' PCs. The updates for IE are available at http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx