Just when Hotmail users thought it was safe, another violation has been discovered in Microsoft's Web-based email system.

Bulgarian programmer Georgi Guninski took credit for finding the latest Hotmail hole. He's been on a roll of late finding security holes, including two holes in Internet Explorer 5.

According to a Microsoft spokeswoman, the vulnerability strikes when a Hotmail user opens a message with malicious JavaScript code. The code can execute a display of a fake Hotmail log-in page, where an unwitting user enters his password, she said.

This could allow an attacker to steal a user's password and then read messages or do other activities.

But Microsoft isn't taking blame for this Hotmail problem. "Microsoft takes security problems seriously, but this is not a security issue," the spokeswoman said. This Hotmail problem is the result of people "targeting users to run malicious code on the Web."

The best way to avoid the latest Hotmail vunerability is to disable JavaScript, Guninski said.

Hotmail has proven to be a hot spot for Microsoft. The email service was hacked into last month, and a Swedish hacker set up a Web site featuring how attackers could gain complete access to users' e-mail accounts. Microsoft then announced an outside firm will audit Hotmail for security risks.