Microsoft To Issue Emergency IE Patch 79
CWmike writes "Microsoft will release its emergency patch for Internet Explorer on Thursday, the company said, as it also admitted that attacks can be hidden inside rigged Office documents. 'We are planning to release the update as close to 10:00 a.m. PST as possible,' said Jerry Bryant, a program manager with the IE group. Microsoft has updated the security advisory it originally published last week when it acknowledged a zero-day IE vulnerability had been used by hackers to break into the corporate networks of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers. Subsequently, security experts have offered evidence that links the attacks to China."
Attack from the source (Score:4, Interesting)
As I recall, the Chinese government has access to the Windows source code [cnet.com]. Google's been claiming that the Chinese government launched the attacks, and security experts have backed them up. The obvious conclusion is that having the source gave the Chinese government the opportunity to develop a new attack against Windows.
While some might see this as an argument against Open Source security products, I see exactly the opposite. The closed source made it possible for the only party with the source to gain an advantage. In products where the source is available to everyone, there is no advantage to any party. Therefore the holes are found and sealed, instead of left to fester, like this one was.