News

Independent team issues new Microsoft patch

An independent group of security engineers has for the second time in a fortnight released an unofficial patch to tackle a security bug in Microsoft software.

The Zeroday Emergency Response Team (Zert), set up by a group of professionals to produce non-supplier patches as protection against zero-day exploits, has released a new patch for a vulnerability in the Microsoft Windows WebViewFolderIcon ActiveX control that could allow remote code execution by attackers.

The bug has not yet been patched by Microsoft, although the software giant said it was “aware of proof of concept code published publicly” but had not heard of any attacks exploiting the bug. Microsoft intends to patch for the vulnerability on 10 October as part of its regular monthly security update.

But the Zert team has released an update to its ZProtector to protect against the bug – less than two weeks after it anticipated Microsoft by issuing a fix for the critical Vector Markup Language bug.

Microsoft later issued its own patch for the Vector Markup Language flaw, in an unusual move outside its monthly patching cycle.

Security firm Determina has also issued a patch for the new ActiveX control vulnerability.

The Zert team has now withdrawn its original Zert2006-01 v1.0 patch, issued to tackle the Vector Markup Language bug, advising users to apply the official Microosft patch instead.

But it has released a v2.0 fix, aimed at users of older versions of Windows for which the software giant no longer provides security updates.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy