Two groups are offering unofficial patches as the software giant warns users.
"We are working on a security update currently scheduled for an Oct. 10 release," Microsoft said in a Thursday security advisory.
While the software maker said proof-of-concept code has been published on how to exploit the flaw, it was not aware of any customers attacked.
As internetnews.com reported last week, CERT issued a warning for users of Windows 2000, Windows XP and Windows Server 2003 that a flaw in the WebViewFolderIcon ActiveX control could pose a security risk.
The flaw could enable a hacker to run malicious code on an unpatched system.
The Zeroday Emergency Response Team (ZERT) issued a patch Friday enabling Windows users to protect their systems.
This isn't the first time ZERT has stepped in while Windows users awaited an official response from Microsoft.
ZERT issued a patch covering a recent vulnerability in the "vgx.dll" file, which is part of Windows' Vector Markup Language for graphics.
But ZERT was not alone in offering unofficial patches. On Friday, security vendor Determina announced a free patch to address what it viewed as a "critical" security problem.
In March, Determina was one of two security vendors offering a free third-party patch for exploits using a vulnerability in how IE handles the "createTextRange()" method.
The year began with a Russian software developer offering a patch to solve a hole in Windows Metafile (WMF).
That unofficial fix, adopted by SANS and security firm F-Secure, prompted such demand that the software developer's Web site crashed under the load.
However, as security vendors such as McAfee and others point out, Microsoft must weigh the impact of a patch on its ocean of users, making the decision on whether to issue an out-of-cycle security bulletin not cut-and-dried.
The monthly patching sessions, known as "Patch Tuesdays," were developed to keep systems administrators "from running around like chickens with their heads cut off," Andrew Jaquith, security analyst with Yankee Group, told internetnews.com.
Despite the urge to increase the frequency of patches, Microsoft cannot afford to make any drastic changes to its patching schedule. The software giant spends between $75 million and $100 million each year on security, according to the analyst.
The most recent spate of third-party Windows patches "points to some frustration out there," Jaquith said.
While not willing to say if companies will compete with Microsoft to offer Windows patches, security firms are providing patches to users either for profit or simply as good public relations, he said.
ZERT is made up of "really, really smart people," according to the analyst. The skills to reverse-engineer Windows code, either to fix or to break software, are now widely available.
This article was first published on InternetNews.com.