
"Whenever there’s a vulnerability in the wild that is critical enough to threaten the health of the Internet, we want to have a mechanism to respond immediately. We can’t afford to sit around and wait a month for a vendor."
— Internet security specialist Gadi Evron in eWEEK.
The particular vendor in question is Microsoft and the response mechanism Evron refers to is the Zero-Day Response Team, a self-selecting group of computer security professionals who have apparently had just about enough of Microsoft’s Patch Tuesday.
ZERT emerged from the shadows in response to a problem in the Microsoft Vector Graphics Rendering (VML) engine that allowed hackers to execute code on other people’s Windows machines. How big a problem? The "dumping of a massive collection of bots, Trojan downloaders, spyware and rootkits." So . . . bad.
If the threat is real, the response should be swift. Joe Stewart told eWEEK:
"It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We’re seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread."
Hours after the first advisory on September 19, 2006, Stewart, Gil Dabah, Michael Hale Ligh and volunteer testers around the globe were on the case. "It’s been about 19 hours of work, almost nonstop," Dabah told eWEEK.
ZERT did not go through Microsoft channels. "Microsoft needs to start paying attention and recognize that there’s a need for an out-of-band patch," Mr Stewart said. "It’s somewhat irresponsible to tell customers to wait two weeks for Patch Tuesday while computers are being hosed with malware."
They may have gotten Microsoft’s attention; the ZERT patch was posted September 22nd. Microsoft posted its own patch four days later — a full two weeks ahead of Patch Tuesday.
Has ZERT embarrassed the giant corporation into doing right by its customers — or perhaps challenged them to defend their geekness? Time will tell.






