“Microosft”. Patch Tuesday goof points users to typo-bait website

Graham Cluley
@gcluley

As Thomas Claburn at The Register reports, Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.

Rather than directing readers to a blog post from the Microsoft Security Response Center on msrc-blog.microsoft.com, it mistakenly pointed them towards msrc-blog.microosft.com instead.

That’s not the proper URL for Microsoft. Source: The Register

Ooh dear.

It’s an easy typo to make, and one that was easy for Microsoft to fix once they became aware of it.

But anyone clicking on the link in the meantime was redirected via the third-party microosft.com typo-bait website to one owned by someone who was keen to make a few cents from Google Ads whenever folks fumbled the spelling in their browser.

Thankfully, there was nothing malicious at the microosft URL, but there could so easily have been.

Sign up to our newsletter
Security news, advice, and tips.

Microsoft confirmed to The Register that their webpage pointing to “microosft” had not been hacked, and that it was simply a typo by one of their team. But I must admit that I’m surprised those maintaining webpages on the Microsoft Security Response Team site have to ever type in URLs by hand.

Wouldn’t it be simpler and less prone to screw-ups to cut-and-paste URLs, or use the content management system to offer URLs to link to?

At the end of the day, no harm seems to have been done. But it’s something Microsoft should be more careful about in future.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.