I see that Microsoft is now offering to send users free security update CDs.
This would appear to open up another opportunity for the bad guys — mailing out what appear to be Microsoft Security CDs to high-potential targets with the objective of installing their latest keylogger, etc. Certainly it would be a more expensive attack to pull off than spam phishing — but probably one that, if done well, would yield better responses.
How is a recipient of what appears to be a Microsoft Security CD supposed to authenticate that it’s legitimate? For that matter, how is the recipient of one of the zillions of AOL CDs supposed to authenticate it either?