Zero-Day Team Launches with Emergency IE Patch

Posted by ryuzaki0 on Friday September 22, 2006 @02:13AM from the heroes-of-the-buggy dept.

Holy Mother of Thor writes to mention an eWeek article about a third-party patch for Internet Explorer. A dark horse security group formed after the WMF attacks in late 2005, the ZERT (Zero Day Emergency Response Team) has released a patch to attempt to slow the malware attacks on Windows. From the article: "'It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,' Stewart said in an interview with eWEEK. Stewart, who is volunteering his reverse-engineering skills and time to ZERT in his private capacity, wrote an early version of the VML (Vector Markup Language) patch the group released Sept. 22 and worked closely with others to fine-tune the update to minimize potential glitches."

2 of 157 comments (clear)

Min score:

Reason:

Sort:

Who didn't see this coming by George+Beech · 2006-09-22 02:25 · Score: 4, Interesting

I mean really, it just seems logical if they are only going to patch once a month, then the bad guys will go after every hole that wasn't patched the day after updates are released.
I'm just amazed that it took this long for it to become big news that this kind of thing is going on.
Alternative: Unregister vgx.dll by Noksagt · 2006-09-22 02:32 · Score: 5, Interesting

The latest Security Now! episode had information on this exploit. Those who have policies in which they can't install third party patches do have an alternative:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
When MS comes out with a patch,
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
will re-register it.