
Microsoft Patches Exfiltration Flaw in Hotmail


Trend Micro, via Help Net Security, has reported a flaw in Microsoft’s Hotmail service that allows exfiltration via a script, enabling attackers to syphon off contact information and messages from a user’s account.

The good news is that it’s patched already. The next bit of good news is that if a user logged out just after infection, the session for the Hotmail account was ended, which stopped the exploit cold.

The ingenuity of the attack was that it did not require the user to click on a link or download anything: simply opening a specially crafted email allowed a script embedded in the message to do the dirty work.

The attack looks like it was specifically targeted, and it relied on variables used by Hotmail itself.

It is unknown at this time how many users might have been affected by the exploit, but kudos to Microsoft for the quick fix.


About Justin Bellinger

Justin is an experienced software professional, having worked in software and software security for nearly 20 years. Justin is VP of Security Products at SPAMfighter.
