On June 23, April 28, Microsoft urgently released a patch to fix a serious security vulnerability in Hotmail. This security vulnerability allows a hacker to reset the password of a Hotmail account so that the owner cannot log on and allow the attacker to access the user's inbox.
Microsoft released this patch because some hackers are already actively exploiting this security vulnerability on the Internet. A security news website reported that some hackers are providing services that break Hotmail accounts at a price of $20 per account.
Computer security personnel discovered this vulnerability in early April and soon notified Microsoft. This security vulnerability involves how the Hotmail software processes data that must be transferred back and forth when a user resets the password.
After the details of this security vulnerability were leaked, some hackers found a way to bypass this method. Using Firefox's plug-in attack, hackers can obtain account control data transmitted between users and Hotmail servers for their attack targets.
With the spread of this security vulnerability knowledge, some hackers began to break the Hotmail account to make money. Some people posted videos on the YouTube website to introduce how to break the Hotmail account in real time.
It is unclear how many Hotmail accounts have been attacked by hackers using this security vulnerability. However, the attacked users will know that they cannot access their Hotmail accounts.
Due to the active use of this security vulnerability, Microsoft found a solution to this vulnerability over a day and updated Hotmail. Now, hackers get an error message when manipulating data exchanges. Microsoft issued a brief statement on the security patch, saying that users do not need to take further measures.