Zeroday Emergency Response Team (ZERT)

The ZERT team came to light recently due to their public, unofficial patch for the IE Buffer Overflow in VML (vgx.dll) vulnerability (CVE-2006-4868).

They also received coverage today by eWEEK. That article can be found here: http://www.eweek.com/article2/0,1895,2019162,00.asp

From the ZERT Manifesto:

ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor.

ZERT members work together as a team to release a non-vendor patch when a so-called “0day” (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to “crack” products, but rather to “uncrack” them by averting security vulnerabilities in them before they can be widely exploited.

It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution.

I look forward to seeing more releases and possibly whitepapers on their findings, but only time will tell if ZERT can go the distance as an organized incident response team.
