SRO: New Hotmail Hole Discovered

“Guninski, who has made a name for himself by finding security
violations in browsers, has found that Hotmail enables Web-paged
embedded Javascript code to run automatically…”

Microsoft is not claiming ownership of this latest problem.
“This is not a Hotmail security issue. We see it as an example of
people encouraging users to run malicious code on the Web,” a
Microsoft spokesperson said.

“To protect yourself now, you can disable Javascript, just
disable it before using Hotmail, or do not open mail from unknown
people when you think it might contain Javascript,” the
spokesperson added. “Microsoft is investigating ways for Hotmail
users to have greater security against threats posed by malicious
use of Javascript in email.”