Since this story was originally posted, additional information on where to download the ZERT patch has been added.
A loosely-organized group of security researchers that go by the name Zeroday Emergency Response Team (ZERT) have released a patch for a bug that exploits vulnerabilities in Microsoft’s Internet Explore Web browser and Outlook application before the Redmond, Wash.-based software giant released it own official patch, the IDG News Service reports via PC World.
ZERT released a patch for the Vector Markup Language (VML) vulnerability, according to the IDG News Service.
Microsoft said it will issue a patch for the flaw on Oct. 10 when it releases its monthly set of security updates, the IDG News Service reports.
On Friday, the Sans Internet Storm Center bumped up its security alert status concerning the vulnerability from green to yellow, signifying that the flaw is more commonly being exploited by hackers and other criminals looking to perpetrate crimes, according to the IDG News Service.
“We think it’s great that there are people out there working to help protect out customers,” wrote Microsoft Security Response center operations manager Scott Deacon on a blog, the IDG News Service reports. “But as we’ve always said, we cannot endorse third party updates.”
Security experts caution that the ZERT patch has not undergone widespread testing—as all Microsoft patches do before their releases—and could therefore lead to additional problems in the future, according to the IDG News Service.
ZERT has said it will continue to release patches for Microsoft vulnerabilities, among others, whenever unpatched flaws become a “serious risk to the public, the infrastructure of the Internet, or both,” the IDG News Service reports.
The ZERT patch can be downloaded here.
This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.