Please remember that Microsoft will never distribute software updates
including security patches via attachments to e-mails or newsgroup messages.
Such messages typically contain viruses. You should always obtain patches
from microsoft.com, and you can verify the integrity of a patch by checking
its digital signature via Explorer by viewing the file's properties.

Simply right-click the file, select Properties, and select the Digital
Certificate tab to verify that the file is signed by Microsoft and the file
has not been tampered with. If the file is not signed or not signed by
Microsoft or has been altered since it was signed, do not install the patch.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/sec...icy/swdist.asp

Information on Bogus Microsoft Security Bulletin E-mails
http://www.microsoft.com/technet/sec...patch_hoax.asp

John Sheu
MSDN Academic Alliance
http://www.msdnaa.net/