Independent team issues new Microsoft patch


Independent team issues new Microsoft patch

Tash Shifrin

An independent group of security engineers has for the second time in a fortnight released an unofficial patch to tackle a security bug in Microsoft software.

The Zeroday Emergency Response Team (Zert), set up by a group of professionals to produce non-supplier patches as protection against zero-day exploits, has released a new patch for a vulnerability in the Microsoft Windows WebViewFolderIcon ActiveX control that could allow remote code execution by attackers.

The bug has not yet been patched by Microsoft, although the software giant said it was “aware of proof of concept code published publicly” but had not heard of any attacks exploiting the bug. Microsoft intends to patch for the vulnerability on 10 October as part of its regular monthly security update.

But the Zert team has released an update to its ZProtector to protect against the bug – less than two weeks after it anticipated Microsoft by issuing a fix for the critical Vector Markup Language bug.

Microsoft later issued its own patch for the Vector Markup Language flaw, in an unusual move outside its monthly patching cycle.

Security firm Determina has also issued a patch for the new ActiveX control vulnerability.

The Zert team has now withdrawn its original Zert2006-01 v1.0 patch, issued to tackle the Vector Markup Language bug, advising users to apply the official Microosft patch instead.

But it has released a v2.0 fix, aimed at users of older versions of Windows for which the software giant no longer provides security updates.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy