Microsoft To Patch Three Zero Day Vulnerabilities

Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.

(click image for larger view)
Slideshow: Top Features Absent From Windows 7
Microsofts February Patch Tuesday will see the release this week of 12 security bulletins, patching a total of 22 vulnerabilities, including three that could be exploited via zero-day attacks.
According to Wolfgang Kandek, CTO of Qualys, these vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended.
One of those bugs, a CSS-related vulnerability that affects all versions of Internet Explorer, was
disclosed
in late 2010 by a Google researcher. By early January, security firms reported that attackers were actively exploiting the bug.
Microsoft will also patch a zero-day vulnerability in the Windows
Graphics Rendering Engine
. Attackers could exploit the flaw using malicious thumbnail images, and execute arbitrary code at the users permission level.
The third zero-day vulnerability to be patched is an FTP service bug, first acknowledged in December 2010, that affects Internet Information Service (IIS) 7.0 and 7.5, although not IIS Web Services. While attackers could exploit this vulnerability to create a denial of service, Microsoft said it was unlikely they could remotely execute code. Also, most organizations that use IIS likely wont be vulnerable, since IIS FTP service is not installed by default, and even when installed, not enabled by default.
The other forthcoming patches will address less-critical bugs affecting Microsoft Windows, Visual Studio, and Microsoft Offices Visio, versions 2002, 2003, and 2007.
All told, three of Microsofts security bulletins rate as critical, while nine are important, meaning that they typically cant be used to remotely run exploit code.
Two zero-day exploits currently targeting Microsoft products, however, wont be addressed in Tuesdays security update. Notably, a recently disclosed vulnerability in
MHTML
affects all versions of Windows. Microsoft acknowledged the bug 10 days ago and released a temporary workaround while it develops a permanent fix.
In other vulnerability remediation news, Tuesday will also see the release of a new batch of patches from Adobe as part of its quarterly bug-fix release cycle. Adobe said it will
patch
critical vulnerabilities in Adobe Reader X (aka version 10) and earlier versions for Windows and Macintosh, and Adobe Acrobat X and earlier versions, likewise for Windows and Macintosh. Adobe said that while Reader 9.4.1 for Unix contains critical vulnerabilities too, it wont see a patch before the end of February.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft To Patch Three Zero Day Vulnerabilities