Microsoft Quietly Patches a Zero-Day Flaw in Hotmail


Microsoft has finally and stealthily found a way to fix the Hotmail accounts hacking issue. The tech giant has successfully dealt with its password reset system that was previously breached by hackers, thereby allowing them control of some e-mail accounts.

Cyber intruders were able to intercept the outgoing HTTP request following a password request reset and modify the data with the aid of Firefox add-on, Tamper Data. Thereafter, the account will be locked by the hacker and get hold of the inbox. But the team is quick to respond to the challenge that was first discovered by a hacker from Saudi Arabia.

They also made a formal advice via one of the tweets “On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed.”

Microsoft’s Security Response Team on Twitter mentioned that they have already addressed the problem since Friday. In a security blog, the company educated the public on what has just transpired,

“The attackers are not deterred by early failures and they are likely to attack the same target repeatedly, using different techniques, until they succeed. These attackers will regroup and try again, even after their attacks are uncovered. In many cases the attacks are consciously directed by well-resourced sponsors. This provides the attackers with the resources to adapt to changing defenses or circumstances, and directly supports the persistence of attacks where necessary.”

Sophos senior technology consultant Graham Cluley warned users to be watchful of their accounts and not to be complacent with even minor irregularities because hackers feed through vulnerabilities and stolen identities. He said,

“Hackers aren’t just interested in breaking into email accounts out of curiosity or because they want to read your spam. They’re also interested in stealing your identity and perhaps using an email account hack as a method to crowbar their way into other online accounts under your control.”

Hotmail has been battling to stay relevant in today’s existence with the likes of Facebook, Google and Twitter around. Whether it is the name or the lack of features that make Microsoft’s web-based email a bit old fashioned and outdated, the move to tackle their password reset element’s vulnerability shows that the organization is putting in some effort to take the competition seriously and little by little get their mojo back. Data breaches have become a common menace in the tech society last year as even the big names including Facebook and Google are battling it out in the internet security arena.