Hi, We had users reporting receiving an email that appears to be from Microsoft regarding a hotfix, but it appears to actually contain Microsoft hotfix info with a URI to download an executable. The executable is a zip that contains a MSU (Windows6.1-KB977307-x64.msu). Does MS send such email?
http://pastebin.com/BS5jt86N This one hits a lot of T_ rules; it'd be nice if they were real rules about now :-) It also hit BAYES_00, which I'm a little concerned about, but maybe not necessarily if the body is indeed actually legit... Thanks for any ideas. Alex
