A programming bug allowed hackers to read and steal emails from Hotmail users by sending specially crafted messages to several thousand victims, according to security firm Trend Micro.
Trend Micro discovered the problem on May 12, when it found a message sent to a victim in Taiwan that looked like a Facebook notification alert. In it, the victim was alerted that someone had accessed their Facebook account from a new location.
Included in the message was a script that then directed users' messages to hackers. But for the attack to work, the victims had to have authenticated to Hotmail and opened the message. If it was simply previewed, the attack was not effective.
The flaw in the Microsoft website that allowed the attack is a common cross-site scripting web programming error, and it was fixed last Friday, the 20th.
The complete article is available at the original CSO source.

