Why bogus Microsoft patches aren’t always malicious

For years we’ve been warning you about fake Microsoft security patches – usually these have been spammed out by hackers, using forged email headers to pretend to come from the software giant, and recommending you install the attached file immediately to protect against an internet threat.

Of course, if you do run that bogus patch from ‘Microsoft’ you’ll find it’s really a Trojan horse, or a worm, or something else designed to undermine the security of your PC. This is one of the reasons why Microsoft reminds users that it never sends out patches via email.

Here is an example of a fake Microsoft security update from last October:

Fake Microsoft update

Sign up to our free newsletter.
Security news, advice, and tips.

Windows 7 logo
In light of this, some people may raise an eyebrow at the news that Microsoft has announced it is planning to issue a series of fake updates for its latest operating system, Windows 7.

The reason? Microsoft wants to test how well Windows 7’s update mechanism works, by issuing as many as 10 fake updates in the next week to users of the just-issued release candidate.

According to a Microsoft spokesman, the company wants to verify its “ability to deliver and manage updating of Windows 7 in certain real-life scenarios.” Which seems fair enough. After all, you wouldn’t want Microsoft to only find out it has a problem updating users of Windows 7 once millions of people have installed it onto live, working systems.

Users of products which are still in their release candidate phase should realise that it isn’t the final shipping product, and changes and tweaks and fixes can still be made to improve any last-minute problems which are found.

But note one thing – Microsoft will be pushing out these “bogus” updates via its normal updating mechanisms. They won’t be spamming them out via email or planting them on third-party websites. Hackers may try and take advantage of pioneering users running the Windows 7 release candidate by distributing their own fake updates to the operating system, so you would be wise – as always – to be on your guard.

And don’t forget that tomorrow is Patch Tuesday, and Microsoft is expected to issue a critical security patch fixing a problem with PowerPoint that has been exploited by hackers recently. At least that patch will be real.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.