A subsequent forum posting by a HostGator staffer confirmed that the company has not yet come up with an effective defense against the attack. “We have everyone working on the situation, even a few CTO’s from other companies we know personally,” said the post from GatorBrent. “We can make the problem disappear for a little while but it keeps coming back on a majority of our servers. We believe this is a 0-day exploit with HostGator being the target. We are being completely overwhelmed currently with chat, phones, tickets, etc. We are working on finding the root of the problem so we can put a stop to it.”
Microsoft’s security team said Friday afternoon that it may release a patch for the VML exploit before its next scheduled update on Oct. 10. “Attacks remain limited,” Microsoft’s Scott Deacon wrote on the Security Response blog. “There’s been some confusion about that, that somehow attacks are dramatic and widespread. We’re just not seeing that from our data, and our Microsoft Security Response Alliance partners aren’t seeing that at all either.
“Of course, that could change at any moment, and regardless of how many people are being attacked, we have been working non-stop on an update to help protect from this vulnerability,” Deacon added. “We’ve made some progress in our testing pass for the update and are now evaluating releasing this outside the monthly cycle, as we do any time customers are under threat and we believe we can issue an update that meets our quality bar for widespread deployment.”
An unofficial patch has been released by the Zeroday Emergency Response Team (ZERT), a group of veteran security researchers. “We think it’s great that there are people out there working to help protect our customers,” Microsoft’s Deacon wrote. “But as we’ve always said, we cannot endorse third party updates.”