The latest problem, reported to us by Neowin user flanderssoft, centres around the ability to refresh a page other than the one currently open - if that page has loaded a popup in the first place. It would allow visitors clicking on a malicious link to Hotmail to initially be served with the correct page, before being transferred seconds later to one which looks identical on another server. If the URLs were similar, its likely many users wouldnt notice the change.
The exploit sample below only works on IE: however, tests seem to suggest it may work on other browsers. The only reason it doesnt in this case is the use of an unusual extension (.srf) throwing them off.
View: Sample exploit