“Microosft”. Patch Tuesday goof points users to typo-bait website

Graham Cluley
Graham Cluley
@[email protected]

"Microosft". Patch Tuesday goof points users to typo-bait website

As Thomas Claburn at The Register reports, Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.

Rather than directing readers to a blog post from the Microsoft Security Response Center on msrc-blog.microsoft.com, it mistakenly pointed them towards msrc-blog.microosft.com instead.

Incorrect url
That’s not the proper URL for Microsoft. Source: The Register

Ooh dear.

It’s an easy typo to make, and one that was easy for Microsoft to fix once they became aware of it.

But anyone clicking on the link in the meantime was redirected via the third-party microosft.com typo-bait website to one owned by someone who was keen to make a few cents from Google Ads whenever folks fumbled the spelling in their browser.


Thankfully, there was nothing malicious at the microosft URL, but there could so easily have been.

Sign up to our free newsletter.
Security news, advice, and tips.

Microsoft confirmed to The Register that their webpage pointing to “microosft” had not been hacked, and that it was simply a typo by one of their team. But I must admit that I’m surprised those maintaining webpages on the Microsoft Security Response Team site have to ever type in URLs by hand.

Wouldn’t it be simpler and less prone to screw-ups to cut-and-paste URLs, or use the content management system to offer URLs to link to?

At the end of the day, no harm seems to have been done. But it’s something Microsoft should be more careful about in future.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.