We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,693 News Articles

Microsoft pulls Hotmail Attach Photo feature

Incompatibility with IE causes security flaw

Microsoft has received a number of complaints from Hotmail users after the 'attach photo' feature was removed from the webmail service.

The feature allowed users to directly add photos, images or graphics into emails. Users are allowed to quickly edit and add captions to the photos, which are automatically compressed by Hotmail, enabling users to attach more images per email.

It is distinct from Attach File, which still works and lets users attach photos to emails without compressing them or giving users the ability to edit them first.

Users, such as Carl Creed, a retired system administrator in Leiston, say they first noticed Attach Photo was missing about three weeks ago.

He and other users have complained on the Windows Live Help support forum about Microsoft's failure to warn them beforehand and the "wasted hours" they spent trying to debug the feature on their own.

"If Microsoft had just told us end users that they were planning to remove this feature before they did remove it, we would not be so upset in the first place," Creed said.

In a posting to  the Windows Live Help forum and also posted at the Windows Live blog, Microsoft said it removed the feature after finding an "incompatibility with Internet Explorer that caused a security flaw with photo uploads".

"The Hotmail team takes security very seriously and we expect to bring back the photo upload feature by the end of September."

The Attach Photo feature relies on an ActiveX control, a Microsoft spokeswoman said.

ActiveX is a plug-in technology for building web components designed by Microsoft. While theoretically a boon for web programmers, ActiveX has been heavily criticised by security pros, including the US government's Computer Emergency Readiness Team (CERT), for the many threats it enables.

The spokeswoman declined to elaborate on the security flaw because it "might compromise the security of our services."

Ben Greenbaum, a senior research manager for Symantec, declined to criticise the ActiveX technology itself, as the security vendor has done in the past but he applauded Microsoft's decision to take down the feature until the security hole is fixed.

"Attackers are focusing on vulnerabilities in popular websites in order to reach as wide an audience as possible with their attacks, and leveraging such a popular site as an attack vector would be a huge victory for any online criminal," Greenbaum said.

"Disabling the vulnerable functionality until a proper solution can be put in place is absolutely the right thing to do."

Broadband speed test

See also: Google courts Hotmail & Yahoo Mail users


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Fonts review

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014