Microsoft has warned that a surprisingly realistic security notification for Microsoft's Patch Tuesday is a fake.

Attackers are apparently taking advantage of it to send legitimate-looking mailings to Microsoft customers that include a Trojan virus called Trojan.Backdoor.Haxdoor that could allow attackers to execute files and steal information from compromised computers.

What is fooling many punters is a that the email includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.

Christopher Budd, a security program manager in the Microsoft Security Response Centre, wrote in his blog that he received some questions from customers about the e-mail that comes with an attached executable, which it claims is the latest security update.

What is worrisome is that this one is signed by Steve Lipner and has what appears to be a PGP signature block attached to it.