http://www.v3.co.uk/v3-uk/news/2207737/hackers-target-windows-update-in-phishing-attack
Hackers target Windows Update in phishing attack
Security vendor Sophos said that the scammers have constructed spam messages which claim to originate from the privacy@microsoft.com email address. The messages, which are designed to resemble official alerts from Microsoft, warn users that their systems might be at risk and advise them to visit a supposed "update" page.
Upon clicking the link, however, users are directed to a phishing site which attempts to harvest email addresses for webmail services including Gmail and AOL mail.
"But the grammatical errors and occasional odd language should raise alarm bells that the emails may not really be from Microsoft."
The flaw, which is triggered by way of an infected .swf file, had been exploited by attackers to perform covert malware installations.