Educate your users and friends/family...Microsoft never sends patches (updates) in an e-mail. According to Techweb today, a couple of Trojans are posing as Microsoft patches/updates.
The first line of the spoofed e-mail "Microsoft Cooporation" [sic] -- is a dead give-away that the message is not genuine, the article states.
If users click on the embedded link as instructed to "download the patch and protect your computer against WinLogon attacks" they actually download a keystroke logger "BeastPWS-C" .
Direct your users to the How to tell whether a Microsoft security-related e-mail message is genuine page that reminds them that "We never attach software updates to our security e-mail notifications." "We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Security site on Microsoft.com to see whether the information is listed there."