Microsoft Rushes Patch for VML Exploit

Posted by bink on September 23 2006, 7:17 PM. Posted in Security.

Sophos Labs now rates as “critical” a re-emerging exploit against Microsoft’s Vector Markup Language (VML) library, which Microsoft now says it will try to patch ahead of the original October 10 deadline it announced on Thursday. This comes as the SANS Group officially raises its InfoCon level to “yellow,” “to emphasize the need to consider fixes.”

In the meantime, a group of software engineers called the Zeroday Emergency Response Team (ZERT) has issued what it characterizes as an interim patch for the VML exploit, possibly closing the door to a new series of Trojans.

In so doing, a new group resurrects some old questions: Should consumers trust third parties to patch Windows when Microsoft isn't able to do so just yet? And does implementing a third-party patch make it more difficult for Microsoft - or anyone - to patch Windows in the future?

Only in the information security business can one become both underground and high-profile simultaneously. A story in Friday morning's eWeek characterized ZERT as "a high-profile group of computer security professionals," although the membership list on the group's Web site admits to not listing everyone in the group, because "some ZERT volunteers prefer anonymity."

ZERT claims only that its patch addresses the buffer overflow vulnerability; it does not explain exactly what the patch is supposed to do. Not even the eWeek story gives a description of the patch, although it does quote one volunteer member of the ZERT group as saying, "Something has to be done about Microsoft's patching cycle."

"ZERT members work together as a team," the group's Web site reads, "to release a non-vendor patch when a so-called '0day' (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to 'crack' products, but rather to 'uncrack' them by averting security vulnerabilities in them before they can be widely exploited."
