Microsoft recently patched a Hotmail security flaw that enabled attackers to access a user's e-mails and contacts.
"The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday," writesThe Register's Dan Goodin. "Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window."
"Trend first disclosed the bug on May 13," Goodin writes. "Monday's blog post said Microsoft has since plugged the hole, which resided in CSS, or cascading style sheet functionality, but didn't say when."
Go to "Exploited Hotmail bug stole email without warning" to read the details.