ZERT, in a nutshell, is a group of security researchers that creates unofficial patches for zero day vulnerabilites before MS can.
Their Manifesto:
ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor.
ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to "crack" products, but rather to "uncrack" them by averting security vulnerabilities in them before they can be widely exploited.
It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution.
Their disclaimer:
Please keep in mind that while ZERT tests these patches, they are NOT official patches with vendor support and are provided as-is with no guarantee as to fitness for your particular environment. Use them at your own risk or wait for a vendor-supported patch.
http://zert.isotf.org/Add your thoughts,
Don
Other : Windows 7 Beta Available Tomorrow
OSCP - Offensive Security Certified Professional : Offensive Security Releases Sample Pen Testing Report
