The Zeroday Emergency Response Team (Zert) has released an unofficial patch for
a security vulnerability in Internet Explorer.
Zert is an independent group of engineers that aims to issue updates for
unpatched vulnerabilities that pose a serious risk to the public or the internet
infrastructure.
The group believes that, in such cases, users should not have to wait until
the vendor concerned issues a patch.
Zert was formed last December after the widely abused WMF vulnerability hit
computers across the world.
The group's first patch repairs a vulnerability in the Vector Markup Language
component in Microsoft's browser that could allow an attacker to take control of
a system without any user interaction.
The flaw is actively being exploited through several adult websites hosted in
Russia. Security website Secunia rated the flaw as 'extremely critical', its
most severe rating.
However, Microsoft told vnunet.com that it advises users not to apply the Zert
patch.
"While Microsoft can appreciate the steps these security researchers are
taking to provide our customers with mitigations, as a best practice customers
should obtain security updates and guidance from the original software vendor,"
said a spokesman.
"Microsoft carefully reviews and tests security updates and workarounds to
ensure that they are of high quality and have been evaluated thoroughly for
application compatibility.
"Microsoft cannot provide similar assurance for independent third-party
security updates or mitigations."