Group releases "temporary" VML patch; Microsoft's version coming soon

Microsoft consistently comes under fire for the way it handles security patches. The company has had problems with response time, buggy releases, and the negative effect that the patches have on third-party (and sometimes their own) software. But of those three problems, the response time issue seems to be raised the most, mainly because of the risk a user takes when surfing the web, downloading software, and reading e-mail on an unpatched system.

With celerity in mind, Microsoft released a statement last week confirming that a new vulnerability in the Windows implementation of the Vector Markup Language (VML), an XML language used to create vector images, does exist. The company also acknowledged that hackers are currently targeting the flaw. While Microsoft has said that it will try to issue a patch for the problem prior to the October 10 deadline, one group has decided to take the issue into its own hands.

Enter the Zeroday Emergency Response Team, or ZERT, which is a self-proclaimed "group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups." Working without any corporate affiliation, the team was formed after the WMF brouhaha. Thanks to the severity of the VML exploit, ZERT has come together and released its own patch for the vulnerability.

The ZERT group is an interesting bunch, primarily because many of its members choose to remain anonymous. Some of the known members include IDA Pro author Ilfak Guilfanov, Sabre Security CEO Halvar Flake, Internet Software Consortium founder Paul Vixie, former Virus Bulletin editor Nick FitzGerald, and Cisco IOS pro Hank Nussbacher. While some of the names are new to me, I have used IDA Pro in the past and it is, to say the least, an amazing disassembler.

More Info : http://arstechnica.com/journals/microsoft.ars/2006/9/24/5392