Users are being warned of a new phishing scam falsely telling recipients they need to download a Microsoft patch.
The emails – some of which include the recipient's full name and the company they work for in the letter body – inform recipients that they must download a fix to address a zero-day vulnerability affecting Outlook, according to one of the messages posted on the SANS site.
The email, which contains some misspellings, tells the user that if exploited, the flaw can "take full control of the vulnerable computer if the exploitation process is succesfull (sic)." It attempts to dupe users into visiting a site that appears like a legitimate Microsoft page.
A Microsoft spokesman told SCMagazine.com today that users should verify a site's certificate to ensure they are at a legitimate site.
"Spoofing attacks are commonly used in conjunction with phishing," the spokesman said.
Earlier this month, researchers warned of an email campaign issuing bogus Microsoft security advisories, which contained a malicious executable that installed a browser add-on to the victim's PC.
Click here to email reporter Dan Kaplan.