gordhun...
Most updates for things like Java are focused on bugfixs, not new features. So your stuff will run on the old versions, but not as safely. About 3 or 4 times a year, Oracle releases what they call "critical patch updates". You probably want to have those.
As for Hotmail (Outlook?) accounts, I do know that, in order to make your account more secure, Microsoft will require a two-step verification to access more sensitive parts of your account. (i.e., you will have to enter a password AND enter a code that they send to your phone and/or secondary email account). The new Microsoft accounts ask you to configure this from the start, but these kinds of features were rare back in the Hotmail days.
If the notifications seem sketchy to you (like talking to a telemarketer), like carlch said, there are always safer ways to accomplish the same task. Go directly to
outlook.com, and you can edit your account properties by clicking on the 'gear' icon. (Doing it this way is sort of like calling the bank yourself, instead of dealing with a shady person who called you out of the blue). People might be able to hijack your computer to send you messages that look like they are coming from Outlook.com, but if somebody actually hijacked Outlook.com the way this BlogSpot page appears to have been hijacked, the whole world would know pretty soon.
Of course, if you've let your computer get infected by a keylogger, it doesn't really matter if the website is completely safe, everything you do could be compromised.