Zero-Day Security Patches - Third-Party Fixes Have Microsoft Pissed

When the latest nasty, a zero day exploit for the critical VML (Vector Markup Language) vulnerability came out, professionals started to freak out. Not only does this particular nasty affect people that use Internet Explorer, but it also affects Office 2003 and Outlook HTML emails.

The newest zero-day flaw is being used by the bad guys to flood computers with bots, Trojan downloaders, spyware and rootkits. Some of the "stuff" included browser toolbars, spyware programs with stealth rooting capabilities, and a dangerous keystroke logger that can steal information from computers. There is also a banker Trojan that records login information from financial websites.

Microsoft is working on an official patch, but expects its customers to wait until October 10th to see it. For a group of third party security pros, this is unacceptable - so they did something about it themselves, releasing an un-official patch of their own. Microsoft, strangely enough, is quite irritated by the release.

The good news is that only a few websites have been found (so far) that are using the exploit. For most computer users, the even better news is that a timely response was made by security pros scattered around the world. This group is calling itself ZERT (Zero Day Emergency Response Team), and have emerged to the digital cheers of people who think waiting nearly 3 weeks for an official Microsoft fix is too long.

ZERT is not trying to serve as a replacement for official patches. Instead, they are providing temporary relief from the most severe threats Windows users face. When official fixes are released, ZERT pulls their temporary fix.