firephoto
05-08-03, 09:28 AM
Read this on slashdot, lots of good comments there. ;)
http://slashdot.org/
Might be a good idea to double check your spam account (hotmail) and make sure you don't have any mission critical info there. As someone said, security to MS means to have FINANCIAL security. :)
http://securitytracker.com/alerts/2003/May/1006728.html
Description: A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail accounts. A remote user can change an arbitrary target user's password to an arbitrary value and then access the target user's account.
It is reported that a remote user can use the .NET Passport password reset form to request that an arbitrary user's password be changed.
The remote user (attacker@attacker.com) will then receive an e-mail from the .NET Passport server providing a URL where the remote user can change the password. The form does not require the remote user to enter the previous password.
Hotmail accounts using .NET Passport authentication are affected. Other Passport-related accounts may or may not be affected.
The vendor has been notified.
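A reset flow that closes the gap the advisory describes, as an added example (not part of the post above and not Microsoft's code): the reset link is mailed only to the address already on record, and the token is bound to one account, expires, and works once. The account store, function names, the `client_supplied_email` parameter and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900  # seconds; constructed value for the example

# Constructed sample data: login -> account record.
ACCOUNTS = {"victim@example.com": {"recovery_email": "victim@example.com",
                                   "pw_hash": "old-hash"}}
PENDING = {}  # sha256(token) -> (login, expiry); raw tokens are never stored
OUTBOX = []   # (recipient, token) pairs standing in for sent mail


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(login, client_supplied_email=None, now=None):
    """Issue a reset token and mail it to the address on record only."""
    now = time.time() if now is None else now
    account = ACCOUNTS.get(login)
    if account is None:
        return  # caller shows the same response for unknown accounts
    token = secrets.token_urlsafe(32)
    PENDING[_digest(token)] = (login, now + TOKEN_TTL)
    # client_supplied_email is ignored on purpose: the requester never
    # chooses where the reset link is delivered.
    OUTBOX.append((account["recovery_email"], token))


def complete_reset(login, token, new_pw_hash, now=None):
    """Apply the new password only for a valid, unexpired, unused token."""
    now = time.time() if now is None else now
    entry = PENDING.pop(_digest(token), None)  # pop makes the token single-use
    if entry is None:
        return False
    bound_login, expiry = entry
    if bound_login != login or now > expiry:
        return False
    ACCOUNTS[login]["pw_hash"] = new_pw_hash
    return True
```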