Microsoft NEVER sends updates through e-mail

This just came through to my inbox.  Fortunately, Small Business Server 2003’s Exchange filtering snagged the executable but thought this is worth touching on.  Never run an executable from anyone you haven’t explicitly requested it from.

You can see from the headers of this message that it really came from a Yahoo mail server, not Microsoft.  I found this one interesting that they are beginning to fake out the PGP key and even took the time to use Steve Lipner’s name in it.  Pretty creative, but still a bunch of baloney. – Steve

Microsoft Mail Internet Headers Version 2.0
thread-index: Ackrxj/LwJkXJhdjTIq3Bk8lpONEJw==
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959); Sat, 11 Oct 2008 10:24:41 -0700
Received: from [] by; Sat, 11 Oct 2008 18:24:42 +0100
Message-ID: <01c92bce$a0ee5100$03eba1d5@03DNAG1>
From: “Microsoft High-priority update” <>
To: <>
Content-Transfer-Encoding: 7bit
Subject: Security Update for OS Microsoft Windows
Date: Sat, 11 Oct 2008 18:24:42 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
Content-Class: urn:content-classes:message
X-Priority: 3
Importance: normal
Priority: normal
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
Return-Path: <>
X-OriginalArrivalTime: 11 Oct 2008 17:24:42.0354 (UTC) FILETIME=[3F5FED20:01C92BC6]
X-TM-AS-Product-Ver: SMEX-
X-TM-AS-Result: No–22.286100-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Content-Type: text/plain;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;


—–Original Message—–
From: Microsoft High-priority update []
Sent: Saturday, October 11, 2008 10:25 AM
To: Steven Banks
Subject: Security Update for OS Microsoft Windows


Dear Microsoft Customer,


Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.


Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.


Since public distribution of this Update through the official website would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.


As your computer is set to receive notifications when new updates are available, you have received this notice.


In order to start the update, please follow the step-by-step instruction:

1. Run the file, that you have received along with this message.

2. Carefully follow all the instructions you see on the screen.


If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.


We apologize for any inconvenience this back order may be causing you.



Thank you,


Steve Lipner

Director of Security Assurance

Microsoft Corp.




Version: PGP 7.1








Eric Ligman has left the building…

Congratulations Eric!  You had me worried there when I was first reading your post this morning that you are no longer with the US Small Business team at Microsoft, but now I see you are on a much bigger mission to help our colleagues world wide.  Keep up the great work and make sure you stop by the PSSBS meetings occasionally to say hi.  :-)

Thank you to you for all you do Eric.  You and your family have a wonderful week as you take some much deserved time off.


EBS 2008 – Company Profile; Type your company information

EBS setup alert:

Under the Company Profile section of setup, when you get to the “Type your company information” screen, watch what you place in your entries for Company name, Name of certificate issuer, and Administrator’s name (optional).

YOU ARE NAMING YOUR INTERNAL CERTIFICATE AUTHORITY HERE.  This is not for use with your third party purchased public cert, so remember that when entering your information (as in do not put in Dotster, GoDaddy, or your favorite cert authority information, use the the company information for the EBS’ location).  There is no redo on this one to my knowledge once it is set.

EBS Company profile setup screen

Migration from SBS 2003 to EBS 2008

 EBS 2008

When migrating over to EBS from SBS 2003 there are couple pre-migration steps that will save you a lot of trouble.


Change the IP address of your SBS LAN IP.  This will allow you to point mail to it during the installation process.  If you do not change it, then you will not be able to have mail hit it if one of your EBS servers (in our deployments, we’ve standardized on .1 for SEC, .2 for MGT, and .3 for MSG) are going to use x.x.x.2 (default SBS 2003 IP address fourth octet).


If running SBS 2003 Premium and using ISA or dual-NIC’d with RRAS firewall?  Do yourself a big, big favor and separate out the firewall role (ISA or RRAS) from the SBS box.  Using an inexpensive hardware device make it the default gateway BEFORE you start the EBS setup.  The key here is to separate out your default gateway from the rest of the server roles on SBS that EBS is looking to so they are not all on the same IP address.

EBS Edge Server Message Routing

EBS 2008 Edge Server Message Routing
Two send connectors are created – one to send mail to  the Messaging  Server and on to send mail to Internet.  We are being told that mail will queue during setup so don’t leave a production network hanging after this step for too long as it will be queuing up on you.

The connectors are created with these settings:

Connector to send mail to the existing mail server (Exchange or non-Exchange)

Name; SendToMessaging
Address Space:  —           
Port: 25
Source IP: <Internal IP Address of Security Server>
SmartHost : <IP Address of the existing mail server>
TLS Required: False
Usage: Intranet
Enabled: True

Note:  The “—“ address space is used to  send e-mail to all accepted internal domains.

Send connector to the Internet
Name; SendToInternet
Address Space:  *           
Port: 25
Source IP: <External IP Address of Security Server>
TLS Required: False
Usage: Intranet
Enabled: True

Thinking of EBS? Here’s a rough cost estimate and some caution for you to consider.

If you are thinking of going with Essential Business Server 2008, here are some numbers to think of while considering it.  These are quick “guesstimates” a few of us came up with while discussing it.

$5,000 for the base EBS license

150 x $81 for CALs = $12,510

$15,000 for fixed cost project deployment

$20,000 for server hardware

$52,000 average cost for an EBS deployment

This is why planning and preparation are so important.

EBS is not SBS, both in cost and complexity.  If you are an SBS focused admin/consultant and are thinking of going with EBS, that’s great.  Just make sure you do your homework, both technically by working with the product in a test environment and getting training, and from a business perspective by considering the deployment costs versus business requirements of the company it is being considered for installation into.