A group of software engineers with ZERT has issued what it characterizes as an interim patch for the VML exploit, possibly closing the door to a new series of Trojans. In so doing, a new group resurrects some old questions about whether third parties should be trusted to patch Microsoft products.