Another major security flaw in the pipeline for Microsoft. The Washington Post is reporting that this one could be big. It’s more of the same stuff, a hole in windows that allows spoffers to install spyware and other code to take control and spy. However, this one may allow attackers to gain financial information from bank websites, emails, and e-commerce sites simply by you visiting them. Microsoft warns users not to click links, open attachments of visit unfamiliar websites till the flaw is fixed. It is known that some code can be installed through banner ads on websites. Be Careful!

Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.

Microsoft’s statement about how the would-be attackers could exploit the flaw brings back many questions about open source technology and if Microsoft keep quite about flaws in there OS till they have a fix for them. In the past Microsoft used to not mention there holes in the OS till they had a fix but since a flurry of complaints that they should revile them right away they have been doing just that. This brings up the question now of, should they revel them or not? I mean come on, the average computer user (home user) isn’t going to patch there machine till the little window pops up and says they have updates to install. Microsoft now posted the flaw and how to use it. This is just plain dumb. What do you think? Should Microsoft post there flaws when they find out about them or should they keep it to themselves till they have a fix?