14 DAY TRIAL // Microsoft is expected to provide fixes for two zero-day vulnerabilities tomorrow, but they don't include the MHTML remote code execution flaw revealed at the end of January.
In it's advance notification for the upcoming security bulletins, Microsoft announced that it will release two patches postponed last month.
They will cover a use-after-free vulnerability in Internet Explorer, identified as CVE-2010-3971, and originally disclosed at the beginning of December as a denial of service condition.
The flaw later proved exploitable for remote code execution and proof-of-concept attack code that bypasses DEP and ASLR protection was developed.
The second zero-day vulnerability to be patched tomorrow is located in the Windows Graphics Rendering Engine and affects all Windows versions, except Windows 7 and Server 2008 R2.
Identified as CVE-2010-3970, the flaw was also disclosed in December during a security conference in Korea.
The vulnerability is somewhat similar to the LNK processing one exploited by the infamous Stuxnet malware, but it involves malformed thumbnail images instead.
Remote exploitation is possible via network shares or WebDAV resources and can lead to the execution of arbitrary code. Its impact is limited by the code running with the permissions of the current user.
The security bulletins to be released tomorrow will not cover a vulnerability in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler for which proof-of-concept exploit code has been published.
The flaw received the CVE-2011-0096 identifier and was confirmed by Microsoft at the end of January. It was originally disclosed in a Chinese-language hacking webzine.
It can be exploited in order to access potentially sensitive information both server-side and locally, as well as in combination with other programs.
The disclosure might have happened too late for Microsoft to develop and test a patch in time for this month's Patch Tuesday, but the company did provide an automated Fix it tool to temporarily mitigate the risks.