Microsoft tells us four ways to do this:
* If the email has an attachment, don't open the attachment. The email did not come from Microsoft, since they never include attachments in security bulletins. Delete the email immediately.
* If the URLs in the email begin with http://www.microsoft.com or https://www.microsoft.com, then the email may or may not be from Microsoft. If it contains a URL such as http://www.microsof1.com or https://www.micros0ft.com, however, it's definitely not from Microsoft, so don't click on that URL.
* If you can find the exact information in the bulletin somewhere on Microsoft's web site, then the email may be from Microsoft. Sneaky attackers may send an email that is almost identical to an existing, legitimate Microsoft security bulletin and try to fool you into clicking on a link in it.
* Finally, if you clicked on a link in the email and it took you to an SSL web site (you can tell this by the closed-lock icon in the status bar), then you can double-click on the lock icon to verify that the Issued To field of the web site's digital certificate says www.microsoft.com.
Only the first method above is a dead giveaway; that is, if the security alert email has an attachment, then it's bad and should be deleted.
The others rely on the sophistication, brains, patience, and good eyesight of the user and are probably not as helpful.
Later versions of IE include advanced features to help protect against phishing and spoofing attacks, but these too may be undermined.
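The hostname comparison in the second method can be done by a script instead of by eye. The following Python sketch is an added example, not code from Microsoft or from the original article; the trusted-host set, the function names and the sample message are assumptions constructed for illustration. It goes slightly beyond the text by also flagging hosts that merely contain the expected name as part of a longer domain.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host accepted is the one the article names.
EXPECTED_HOSTS = {"www.microsoft.com"}
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def resembles_expected(host):
    """True if host embeds an expected name or differs from it by one character."""
    for good in EXPECTED_HOSTS:
        if good in host:  # expected name used as a label inside another domain
            return True
        if len(host) == len(good) and sum(a != b for a, b in zip(host, good)) == 1:
            return True
    return False


def classify_url(url):
    """Return 'expected-host', 'lookalike' or 'other' for one URL."""
    # Compare the parsed hostname exactly. A prefix test on the raw URL string
    # is not enough, because text after the expected name can still be host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in EXPECTED_HOSTS:
        # Matches the host only; as the article says, the email itself
        # "may or may not be from Microsoft".
        return "expected-host"
    return "lookalike" if resembles_expected(host) else "other"


def check_email(body):
    """Map every URL found in an email body to its classification."""
    return {u: classify_url(u) for u in URL_RE.findall(body)}


# Constructed sample message; the two lookalike hosts are those quoted in the article.
SAMPLE = """Security bulletin: install the update now.
http://www.microsoft.com/security/
http://www.microsof1.com/update
https://www.micros0ft.com/patch
http://www.microsoft.com.example.net/fix
http://example.org/news
"""

if __name__ == "__main__":
    for url, verdict in check_email(SAMPLE).items():
        print(f"{verdict:14} {url}")
```

A single 'lookalike' verdict is enough to treat the whole message as not from Microsoft; an 'expected-host' verdict only rules out this one check.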
If you'd prefer to receive your security alerts from Microsoft by other methods, you can now get them by RSS feed, Windows Messenger, or MSN Messenger.
You can also subscribe to Comprehensive Security Alerts, in which Microsoft will alert you by email concerning upcoming security bulletins, changes to existing bulletins, and security advisories on various relevant topics.
Then there are patches for Microsoft Office, for which you can receive email notification by subscribing to the Inside Office--Product Updates Alert on the Office Online web site.
If an update in this newsletter applies to you, you can download and apply the update from the Office Update web site.
If you have other Microsoft software installed on your PC, you can also search the Microsoft Download Center for news or information about patches for your software.
All of this is simply to say that monitoring what patches are coming out of Redmond and why they're needed is not a trivial task.
There's lots of information to watch for and lots of different vehicles to deliver it.