Microsoft patched a hole in it's .Net Passport identity management service last night after a security researcher disclosed a potentially serious flaw that could enable attackers to hijack Passport accounts.
The vulnerability was in the code for a "Secret Question" feature that helped users who had forgotten their Passport password, according to a message posted by Victor Manuel Alvarez Castro, who identified himself as a security consultant.
Read more: PC World.