Microsoft has battled with security problems with their software particulary Internet Explorer and Outlook.

Recently a nasty bug has created issues with these two programs but Microsoft appears to be very slow to react…the latest date offered in regards to a fix is October 10.

Interestingly a group of private researchers have seen the opportunity to get in and deal with the problem but Microsofts response is interesting to say the least.

A snippet of the story follows…

New Security Group Patches Latest IE Flaw
But Microsoft doesn’t recommend users try ZERT’s fix for Internet Explorer’s VML bug.

A loose affiliation of security researchers going by the name of ZERT (Zeroday Emergency Response Team) has released a patch for the VML (Vector Markup Language) vulnerability, which increasingly is being exploited by criminals in malware attacks.

Microsoft is scheduled to fix the bug on October 10, the date it has set to release its monthly batch of security updates, but the company is under increasing pressure to release an earlier, “out-of-cycle” patch. The SANS Internet Storm Center today raised its alert level from green to yellow, an indication that attacks are becoming more widespread.

Microsoft’s Solutions.
Microsoft has suggested a number of workarounds to the problem, and the software vendor does not recommend that users install the new ZERT patch.

“We think it’s great that there are people out there working to help protect our customers. But as we’ve always said, we cannot endorse third party updates,” wrote Microsoft Security Response center operations manager Scott Deacon in a blog posting today.

You can read more of this courtesy of PC World

Tags: , , ,