Microsoft now manually checking Hotmail servers for flaw.

After a long day of updating hundreds of servers, Microsoft representatives believe that a flaw in Hotmail allowing anyone to access users_ e-mail accounts has been fixed, a company spokesperson said Monday. The company was alerted to a flaw that allowed a Swedish-hosted Internet site to access any user_s Hotmail account without a password, and believed it had the issue resolved. However, tests at InfoWorld showed that a slight variation on the original exploit still allowed access to accounts. The company believes it has now updated all its servers appropriately and is now performing a closer inspection of each machine. "We_ve been updating the Hotmail servers throughout the morning. There was one that hadn_t yet been updated, but it has now," said a Microsoft spokesperson. "We now have testers manually double checking each server to make sure they are updated. The bottom line is it should be fixed." The attack is particularly devastating because of the millions of potentially vulnerable accounts and how simple it is to exploit the hole. The exploit does not require any hacking skills, only the name of a user account and the ability to cut and paste text. The flaw, which was uncovered Monday, was fixed on certain servers. But, by varying the server number entered, InfoWorld Test Center representatives still were able to access Hotmail e-mail accounts without a password. InfoWorld representatives have confirmed that the flaw was no longer accessible Monday afternoon. As the bug is part of the company_s servers, Hotmail users need not worry about downloading a fix, according to Microsoft. Hotmail, which was acquired by Microsoft last year, targets its free e-mail accounts at consumers, but many corporate users have used Hotmail or other free e-mail services as a backup to corporate messaging systems. It has approximately 40 million accounts.