There have been a lot of articles about ZERT and their patch for the MS VML vulnerability. ZERT is a group of security researchers who feel that the danger of the vulnerability and lack of an MS patch warrants creating their own temporary patch. ESET, Microsoft, and a number of other security vendors do not
There have been a lot of articles about ZERT and their patch for the MS VML vulnerability. ZERT is a group of security researchers who feel that the danger of the vulnerability and lack of an MS patch warrants creating their own temporary patch.
ESET, Microsoft, and a number of other security vendors do not support the use of third party patches for some very good reasons. It may sound funny to hear me say that since I am also a liaison for ZERT, but let me explain.
The people who make up ZERT and the ZERT VLM patch are some great people who genuinely care about helping keep people safe. The intent of the patch is to help, but in reality there are only a few people that should consider using the patch at all. This does not mean do nothing, but there is a far better option for most people. Unregister VGX.DLL (See here for instructions and more information). This is sound advice. Most people are not using VML at all and will not notice anything. This removes the vulnerability without exposing you to the risks of a patch that has not been thoroughly tested. Re-registering the DLL is also easy, so if things do not work right after you unregister it, it can be fixed in seconds.
Nobody at ZERT is telling you that the patch is without risk. If you do not NEED to take the risk then don’t!
The ZERT patch comes with significant warnings.
1) The patch is supplied as-is at your own risk. Do not call MS if you break anything, it isn’t their fault.
2) If you fail to uninstall the patch before you apply Microsoft’s patch you may leave your system vulnerable for a very long time.
So who is the patch for? If you have an application that requires VML, and you must use it on a PC with internet access, and you can live with things potentially breaking, and you are ok with no support in that case, then maybe the patch is a viable option for you. If you do not know if you use VML you probably do not.
You should never, ever, install security related software from a web site you know nothing about. There are bad guys out there with web sites claiming to provide you with security software that actually infects your PC. For ZERT, ESET, or anyone else, you need to make sure you are dealing with a legitimate and trustworthy vendor.
Director of Technical Education