Tuesday, April 04, 2006

3rd Party Patches while Microsoft waits

It's bad enough that they leave the front door wide open See: Video of IE Exploit (createTextRang) using the latest Metasploit code.
Then Microsoft has to wait until patch Tuesday to release a fix for the latest IE issue. "Fine", say the brave and intrepid. Just like the WMF hole, well patched by Ilfak Guilfanov, now eEye and Determina have released their own patches for the MS Internet Explorer (createTextRang) vulnerability. See: Security Watch: Zero-Day Attack Advances Unpatched.
Is there a new industry on the horizon? Perhaps not a pay-per-use model, given the short life cycle before Patch Tuesday, but perhaps corporate sponsorships from those who seek glory in the face of the evil empire. Seems unlike Microsoft to create a market they can't corner, but who knows.