The first patch issued by ZERT for an Internet Explorer and HTML email flaw involving Vector markup anguage (VML) may well have embarrassed Microsoft to issuing an official patch ahead of time last week, instead of waiting until Patch Tuesday on October 10.
ZERT then followed its initial patch with another patch this week for a vulnerability in the Windows Shell, which affects Windows 2000, Windows XP and windows 2003 Server. If exploited by visiting a malicious website using Internet Explorer the vulnerability could allow remote code execution on the user's computer.
With the number of exploits mounting and a third party again issuing its own fix to the flaw, Microsoft is once again considering issuing an official patch ahead of its normal Patch Tuesday cycle.
Both user and security communities are divided over whether third party vendors issuing patches to Windows and other Microsoft software is a good idea, with some saying a third party patch could itself introduce more problems than it fixes.
However, many agree that the increasing involvement of third party security vendors is putting increasing pressure on Microsoft to release patches faster and outside its usual monthly cycle.
Some say the monthly patching cycle is enabling attackers to time their zero day exploits to be released in the days immediately following Patch Tuesday, knowing that they have nearly a full month of a patch free vulnerability to work with.
RECRUITMENT & RETENTION REPORT 2013HIRE OR FIRE? BUY OR BUILD
2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.
If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.
Stan Beer co-founded iTWire in 2005. With 25 years of experience working in Australian technology media, Beer has published articles in most of the IT publications that have mattered, including the AFR, The Australian, SMH, The Age, as well as a multitude of trade publications.