Microsoft Implements Broader Solution for Hotmail Security Issue

SAN JOSE, Calif., Aug. 27, 1998 — Hotmail from Microsoft Corp. last night deployed a broader solution for a security vulnerability in its Hotmail e-mail service. The thoroughly tested and audited solution protects users from malicious HTML e-mail containing JavaScript, plug-ins, Microsoft® Active X® Controls and Java Applets. To further safeguard against the unauthorized mimicking of the Hotmail site, a new navigation frame indicates to members following links to non-Hotmail content that they have left the Hotmail site.

The broad fix was developed to provide Hotmail members with additional security enhancements beyond the fix introduced Monday evening. That fix was in response to a reported security vulnerability, whereby an unauthorized party could intentionally send a Hotmail member an e-mail message containing embedded JavaScript code to steal the member’s password. When the Hotmail member viewed the message, the JavaScript code mimicked Hotmail, asking the Hotmail member to log in again. During the fraudulent re-login process, the Hotmail member’s user name and password were sent to the unauthorized user via e-mail. The broad fix implemented last night provides additional safeguards against misuse of JavaScript, plug-ins, ActiveX Controls and Java Applets.

Hotmail is committed to protecting its members and their accounts and takes even the smallest e-mail security risk seriously. Hotmail will continue to work on enhancements that provide a broader level of security and user functionality. Members are advised to always use caution and not open attachments from unknown sources.

Microsoft’s award-winning Hotmail is the world’s leading free Web-based electronic mail service with over 22 million members and more than 100,000 new accounts established each day. With offices in Sunnyvale, Calif., the company offers globally accessible, easy-to-use and feature-rich personal e-mail to its members. Hotmail was acquired by Microsoft in December 1997 and is now part of the Microsoft Interactive Media Group. Hotmail is a leader in consumer advocacy and is widely recognized for its strong anti-spam measures. To sign up for Hotmail, go to http://www.hotmail.com/ .

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day.

#########

Microsoft and ActiveX are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

Other product and company names herein may be trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.

Related Posts

Q&A: Fighting Spam at MSN Hotmail

In a conversation with PressPass, Randy Delucchi, MSN Hotmail director of operations services, discusses the many steps the Web-based email service takes to protect its users from unwanted email.