Monday, 25 September 2006
ZERT Releases Unofficial Patch for IE's VML Bug |
| |
|
| |
A security group, Zero Day Emergency Response Team (ZERT) has released an unofficial security fix for a flaw in Microsoft's default Web browser and e-mail software. The action comes as computer security organisations in the United States and elsewhere are issuing alarms that online criminals are installing spyware on vulnerable systems.
The patch is available at the ZERT Web site for Windows 2000 SP4, Windows XP (SP1 and SP2), Windows Server 2003 (SP1 and R2 inclusive). "Something has to be done about Microsoft's patching cycle. In some ways, it works. But, in other ways, it fails us," says Joe Stewart, a senior security researcher with SecureWorks, in Atlanta.
"It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, and then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread," Stewart said.
"We're not here to replace [software] vendors. The idea is to provide quick, immediate response to threats when we determine that a zero-day threat is posing a serious risk to the public and the infrastructure of the Internet. We're saying, 'here's a temporary patch that we tested and we're confident will help mitigate the risk'. We can't guarantee it is fit for every environment, but we're offering it as an option," Gadi Evron, an Internet security operations specialist well known in botnet-hunting circles, operations manager for ZERT added.
|
| |
|
|
| |
|
|
| |
|
|
| |
|
