Monday, September 25, 2006

Not a CERT but a ZERT.

Last friday the ZERT was launched - ZeroDay Emergency Response Team . The goal of this group of security professionals is to study 0-day exploits and develop unofficial patches when those exploits pose a security risk to the internet or users in general and a vendor-supplied patch has not been released yet. This is an interesting approach, since we have recently seen so many critical security vulnerabilities and exploits without patches. Remember the Windows WMF vulnerability? On the other hand, despite of the fact that the ZERT group may perform extensive testing, it is ALWAYS advisable to perform your own tests in your own environment, if you plan to apply them, since it may break applications or conflict with a software/hardware vendor guarantee. There's even an unsupported third party patch for the VML vulnerability available at ZERT. I can't recommend it because I even saw some problems related to it: See the discussion at PC Doctor Guides. But it's good to know something is available if this VML problem really gets out of hand (which it hasn't yet). Of course if you got a good AV product you shouldn't be worried at all because there is detection and blocking possible in several ways.