Microsoft Corp. may be waiting until next month to patch a nasty bug in Outlook and Internet Explorer, but security researchers are offering users a more immediate option.
A loose affiliation of security researchers going by the name of ZERT (Zeroday Emergency Response Team) has released a patch for the VML (Vector Markup Language) vulnerability, which increasingly is being exploited by criminals in malware attacks.
Microsoft is scheduled to fix the bug on Oct. 10, the date it has set to release its monthly batch of security updates, but the company is under increasing pressure to release an earlier, "out-of-cycle" patch. On Friday the SANS Internet Storm Center raised its alert level from green to yellow, an indication that attacks are becoming more widespread.
Microsoft has suggested a number of work-arounds to the problem, and the software vendor does not recommend that users install the ZERT patch, released Friday.
"We think it