Microsoft News Tracker

What's more interesting than observing Microsoft?

September 22, 2006

Third party patch released for zero day Microsoft VML exploit

Posted by David Hunter at 2:36 PM ET.

There’s another serious zero-day Microsoft security exploit in the wild hitting Internet Explorer and Outlook, and the citizens are taking matters into their own hands instead of waiting for the Microsoft cavalry. I think I’ve heard this story before. Maybe twice. The twist now is that the citizens are more organized, as Ryan Naraine reports at eWeek:

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.

The group, known as ZERT (Zero Day Emergency Response Team), was formed in the aftermath of the WMF (Windows Metafile) attacks of December 2005 and is now emerging from stealth mode with an unofficial patch that offers temporary respite from a spate of drive-by malware downloads aimed at users of Microsoft’s Internet Explorer browser.

The patch, which was created and tested by a roster of reverse engineering gurus and virus research experts, is available from the ZERT Web site for Windows 2000 SP4, Windows XP (SP1 and SP2), Windows Server 2003 (SP1 and R2 inclusive).

“Something has to be done about Microsoft’s patching cycle. In some ways, it works. But, in other ways, it fails us,” says Joe Stewart, a senior security researcher with SecureWorks, in Atlanta.

“It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We’re seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,” Stewart said in an interview with eWEEK.

There’s much more about ZERT at the link, and more about patching for this exploit at the SunbeltBlog. Sunbelt Software originally discovered the exploit.

Filed under Internet Explorer, Microsoft, Office, Outlook, Patch Tuesday, Security

One Response to “Third party patch released for zero day Microsoft VML exploit”

  1. Microsoft considers an early patch for VML exploit -- Microsoft News Tracker Says:

    [...] The VML exploit we mentioned on Friday that leaves Outlook and Internet Explorer wide open to abuse now has Microsoft concerned enough to consider not waiting to provide a fix until the next patch Tuesday in October as Scott M. Fulton III reports at BetaNews: Sophos Labs now rates as “critical” a re-emerging exploit to Microsoft’s Vector Markup Language (VML) library, which Microsoft now says it will try to patch before its original October 10 deadline, announced on Thursday. This comes as the SANS Group raises its InfoCon level officially to “yellow,” “to emphasize the need to consider fixes.” [...]
