Microsoft security hole bugs Web-based email

The hole could also potentially be used to create more significant system damage, experts say. The vulnerability, which was just discovered, works by forcing a computer to process a certain sequence of characters. A user could encounter this situation in several instances: when downloading a Web page that has been embedded with malicious code, when opening an email message on Hotmail or some other Web-based email service or simply by typing the code at a DOS prompt. When a computer encounters the sequence of characters and tries to process them, it crashes. "Basically, if you have a certain combination of certain strings in a file name, it gives the user the blue screen of death," said Elias Levy, chief technical officer at SecurityFocus.com and moderator of the BugTraq mailing list, which has been following the issue for the last week. Microsoft confirmed the vulnerability, which is a type of "Trojan horse," and said it is working on a patch. "It is a vulnerability in which Windows 9x machines can be caused to crash," a spokesperson said. "Microsoft is aware of the issue and is developing a patch that will eliminate it."