The Third-Party Patching Conundrum

An anonymous reader writes, "The Zero Day Emergency Response Team, or ZERT, stepped out of the shadows a week ago to offer a quick patch for the Microsoft VML vulnerability. eWeek reports that reactions to third-party patches have been mixed. Jesper Johansson, a former Microsoft security consultant, said 'I will not use the unofficial patch, nor can I think of anyone I would recommend it to.' ZERT has enrolled former White House IT security expert Marcus Sachs as a spokesman of sorts. He told eWeek, 'This patch is just another arrow in the quiver. These guys are some of the best-known reverse engineers and security researchers. It's a tight-knit group that has worked for years to make the Internet a safer place. This isn't a patch created by some guy in a basement.' And while MS did release an out-of-band patch this week for XP, ZERT releases updates for operating systems that are out of MS support: Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3."

I'll use them

[ancientt]

I don't know anything about them, but when I get back to work on Monday I'm going to investigate with the hope I can use them to keep my old Windows installs secure. If they're doing patches for Windows 2000 then I practically have to at least look at the option. If Microsoft were reliable and didn't stop releasing security patches for "old" OSs, then I wouldn't need to.

I hope this really irks the people at Microsoft that make the decisions on when to EOL something.