Windows patched...but not by Microsoft

There's nothing unusual about security vulnerabilities in Microsoft products; Windows users should be used to the "new week, new patch" mentality by this point. But here's something out of the ordinary: a third-party firm jumping the gun on Microsoft--twice in a row. A group, by the name of the Zeroday Emergency Response Team, or ZERT for short, released a patch last week for an IE vulnerability that affected users of Windows 2000, XP and 2003 Server Edition. Security experts stated over the weekend that the flaw was already being exploited by hackers. Microsoft currently plans to offer an official patch on the 10th, their regularly scheduled "patch Tuesday".

This is right on the heels of another patch from ZERT just over a week ago, that beat Microsoft to the punch. And let's not forget that yet another third-party patch one-upped Microsoft earlier this year. While it's understandable that Microsoft's testing and certification process is naturally going to be more involved than that of a similar third-party solution, it's still quite embarrassing that the little guys are offering Windows patches faster than the software giant itself. Microsoft, if you're reading this, might I suggest some new hires for your security team?

For more on the patching coup:
- read this ZDnet report