Microsoft NEVER sends updates through e-mail

This just came through to my inbox.  Fortunately, Small Business Server 2003’s Exchange filtering snagged the executable but thought this is worth touching on.  Never run an executable from anyone you haven’t explicitly requested it from.


You can see from the headers of this message that it really came from a Yahoo mail server, not Microsoft.  I found this one interesting that they are beginning to fake out the PGP key and even took the time to use Steve Lipner’s name in it.  Pretty creative, but still a bunch of baloney. – Steve


Microsoft Mail Internet Headers Version 2.0
thread-index: Ackrxj/LwJkXJhdjTIq3Bk8lpONEJw==
Received: from static235-3.adsl.no ([213.161.235.3]) by corp.banksnw.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 11 Oct 2008 10:24:41 -0700
Received: from [213.161.235.3] by b.mx.mail.yahoo.com; Sat, 11 Oct 2008 18:24:42 +0100
Message-ID: <01c92bce$a0ee5100$03eba1d5@03DNAG1>
From: “Microsoft High-priority update” <customerservice@microsoft.com>
To: <steve@banksnw.com>
Content-Transfer-Encoding: 7bit
Subject: Security Update for OS Microsoft Windows
Date: Sat, 11 Oct 2008 18:24:42 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary=”—-=_NextPart_000_0006_01C92BCE.A0EE5100″
Content-Class: urn:content-classes:message
X-Priority: 3
Importance: normal
Priority: normal
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
Return-Path: <03DNAG1@yahoo.com>
X-OriginalArrivalTime: 11 Oct 2008 17:24:42.0354 (UTC) FILETIME=[3F5FED20:01C92BC6]
X-TM-AS-Product-Ver: SMEX-7.5.0.1243-5.5.1027-16212.000
X-TM-AS-Result: No–22.286100-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No


——=_NextPart_000_0006_01C92BCE.A0EE5100
Content-Type: text/plain;
 charset=”Windows-1252″
Content-Transfer-Encoding: 7bit


——=_NextPart_000_0006_01C92BCE.A0EE5100
Content-Type: text/plain;
 name=”RemovedAttachments002.txt”
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename=”RemovedAttachments002.txt”



——=_NextPart_000_0006_01C92BCE.A0EE5100–


—–Original Message—–
From: Microsoft High-priority update [mailto:customerservice@microsoft.com]
Sent: Saturday, October 11, 2008 10:25 AM
To: Steven Banks
Subject: Security Update for OS Microsoft Windows


 


Dear Microsoft Customer,


 


Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.


 


Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.


 


Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.


 


As your computer is set to receive notifications when new updates are available, you have received this notice.


 


In order to start the update, please follow the step-by-step instruction:


1. Run the file, that you have received along with this message.


2. Carefully follow all the instructions you see on the screen.


 


If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.


 


We apologize for any inconvenience this back order may be causing you.


 


 


Thank you,


 


Steve Lipner


Director of Security Assurance


Microsoft Corp.


 


 


—–BEGIN PGP SIGNATURE—–


Version: PGP 7.1


 


TLG52OUNH1ZE78UC9M3JL34R9RXTPT38TDP3DK09RJJ1E9305S400UA96V8NEVBPT


Y57343V8GJE4SL8JM3J39GAKNRK82WRH19IF566HLV8AM3SOCE52M12LHS9NKH899


J512NAX08TP9LE56GCNX3CN39AKLV44YKA2RYUMRK442ISYAQKYG85J5UN41TW5G4


C92RNORH2JFSI7SCIOBDDAWPTL8JO9VXH3XSE4S7SJO33XCED3YUAB8ZGJ4GCOBP3


8JLFYB93MBKN1SSL2ZMKIFB8619TDPDJEEY==


—–END PGP SIGNATURE—–

Eric Ligman has left the building…

Congratulations Eric!  You had me worried there when I was first reading your post this morning that you are no longer with the US Small Business team at Microsoft, but now I see you are on a much bigger mission to help our colleagues world wide.  Keep up the great work and make sure you stop by the PSSBS meetings occasionally to say hi.  :-)


Thank you to you for all you do Eric.  You and your family have a wonderful week as you take some much deserved time off.


Steve

EBS 2008 – Company Profile; Type your company information

EBS setup alert:


Under the Company Profile section of setup, when you get to the “Type your company information” screen, watch what you place in your entries for Company name, Name of certificate issuer, and Administrator’s name (optional).


YOU ARE NAMING YOUR INTERNAL CERTIFICATE AUTHORITY HERE.  This is not for use with your third party purchased public cert, so remember that when entering your information (as in do not put in Dotster, GoDaddy, or your favorite cert authority information, use the the company information for the EBS’ location).  There is no redo on this one to my knowledge once it is set.


EBS Company profile setup screen

Migration from SBS 2003 to EBS 2008

 EBS 2008


When migrating over to EBS from SBS 2003 there are couple pre-migration steps that will save you a lot of trouble.


First:


Change the IP address of your SBS LAN IP.  This will allow you to point mail to it during the installation process.  If you do not change it, then you will not be able to have mail hit it if one of your EBS servers (in our deployments, we’ve standardized on .1 for SEC, .2 for MGT, and .3 for MSG) are going to use x.x.x.2 (default SBS 2003 IP address fourth octet).


Second:


If running SBS 2003 Premium and using ISA or dual-NIC’d with RRAS firewall?  Do yourself a big, big favor and separate out the firewall role (ISA or RRAS) from the SBS box.  Using an inexpensive hardware device make it the default gateway BEFORE you start the EBS setup.  The key here is to separate out your default gateway from the rest of the server roles on SBS that EBS is looking to so they are not all on the same IP address.

EBS Edge Server Message Routing

EBS 2008 Edge Server Message Routing
Two send connectors are created – one to send mail to  the Messaging  Server and on to send mail to Internet.  We are being told that mail will queue during setup so don’t leave a production network hanging after this step for too long as it will be queuing up on you.



The connectors are created with these settings:



Connector to send mail to the existing mail server (Exchange or non-Exchange)


Name; SendToMessaging
Address Space:  —           
Port: 25
Source IP: <Internal IP Address of Security Server>
SmartHost : <IP Address of the existing mail server>
TLS Required: False
Usage: Intranet
Enabled: True


Note:  The “—“ address space is used to  send e-mail to all accepted internal domains.


Send connector to the Internet
Name; SendToInternet
Address Space:  *           
Port: 25
Source IP: <External IP Address of Security Server>
TLS Required: False
Usage: Intranet
Enabled: True

Thinking of EBS? Here’s a rough cost estimate and some caution for you to consider.

If you are thinking of going with Essential Business Server 2008, here are some numbers to think of while considering it.  These are quick “guesstimates” a few of us came up with while discussing it.



$5,000 for the base EBS license


150 x $81 for CALs = $12,510


$15,000 for fixed cost project deployment


$20,000 for server hardware


$52,000 average cost for an EBS deployment


This is why planning and preparation are so important.



EBS is not SBS, both in cost and complexity.  If you are an SBS focused admin/consultant and are thinking of going with EBS, that’s great.  Just make sure you do your homework, both technically by working with the product in a test environment and getting training, and from a business perspective by considering the deployment costs versus business requirements of the company it is being considered for installation into.