A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.
The group, known as ZERT (Zero Day Emergency Response Team), was formed in the aftermath of the WMF (Windows Metafile) attacks of December 2005 and is now emerging from stealth mode with an unofficial patch that offers temporary respite from a spate of drive-by malware downloads aimed at users of Microsoft’s Internet Explorer browser.
The patch, which was created and tested by a roster of reverse engineering gurus and virus research experts, is available from the ZERT Web site for Windows 2000 SP4, Windows XP (SP1 and SP2), Windows Server 2003 (SP1 and R2 inclusive).
“Something has to be done about Microsoft’s patching cycle. In some ways, it works. But, in other ways, it fails us,” says Joe Stewart, a senior security researcher with SecureWorks, in Atlanta.
“It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We’re seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,” Stewart said in an interview with eWEEK.