Microsoft patched a hole in it's .Net Passport identity management service last night after a security researcher disclosed a potentially serious flaw that could enable attackers to hijack Passport accounts.

The vulnerability was in the code for a "Secret Question" feature that helped users who had forgotten their Passport password, according to a message posted by Victor Manuel Alvarez Castro, who identified himself as a security consultant.

Read more: [URL=http://www.pcworld.com/news/article/0,aid,111424,00.asp]PC World[/URL].