A group of security researchers on Friday posted an unsanctioned patch for the Internet Explorer VML bug, putting more pressure on Microsoft to push its own fix to users before its next scheduled update on Oct. 10.
Composed of at least 20 researchers in the U.S., Russia, Germany, and elsewhere, the Zeroday Emergency Response Team (ZERT) reverse-engineered a fix for the flaw disclosed earlier this week by Sunbelt Software. The fix can be downloaded from the ZERT Web site.

"While ZERT tests these patches, they are not official patches with vendor support and are provided as-is with no guarantee," the group said. "Use them at your own risk or wait for a vendor-supported patch."

TechWeb Security