IT administrators can expect three security bulletins from Microsoft Tuesday, of which the maximum severity rating will be "critical." Details on the vulnerabilities to be fixed and the products affected won't come until then.
The software giant offered the early notice on its TechNet site Thursday. The only other detail offered was that some security updates may require users to restart their computers and that, "although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released."
This is the third time the company has issued early notification on what to expect for Patch Tuesday three business days in advance. It started the practice last November in response to customer feedback.
It's unclear if the security bulletins will address a slew of Windows vulnerabilities disclosed in recent weeks.
Microsoft is investigating a flaw in Internet Explorer caused by an input validation error in the handling of FTP file transfers. "This can be exploited by a malicious FTP server to create files in arbitrary locations via directory traversal attacks by tricking a user into downloading malicious files," Danish security firm Secunia said in an advisory this week.
Secunia confirmed the vulnerability on a fully patched system with Internet Explorer 6 and Microsoft Windows 2000 SP4/XP SP1. Systems running Windows XP with SP2 are not affected. Until the problem is fixed, the firm recommends users avoid downloading files from untrusted FTP servers.
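As an added illustration (not code from Secunia, Microsoft or the original article), this is the kind of check a download client can apply to a server-supplied file name before writing it under the user's download directory. It assumes the traversal arrives in that file name, a detail the advisory quoted above does not give; `safe_download_path`, `UnsafeRemoteName`, `check_all` and the sample names are hypothetical and constructed for the example.

```python
# Added example. Assumption: the server controls the file name the client saves.
import ntpath  # Windows path rules, importable on any OS

class UnsafeRemoteName(ValueError):
    """A server-supplied name that would land outside the download directory."""
# DOS device names open a device no matter which directory they appear in.
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)}

def safe_download_path(download_dir: str, remote_name: str) -> str:
    """Return the local path for remote_name, or raise UnsafeRemoteName."""
    if not remote_name or any(ord(c) < 32 for c in remote_name):
        raise UnsafeRemoteName("empty name or control character")
    # Windows accepts both separators, so normalise before inspecting.
    drive, rest = ntpath.splitdrive(remote_name.replace("/", "\\"))
    if drive or rest.startswith("\\"):
        raise UnsafeRemoteName("absolute, drive-qualified or UNC path")
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    if not parts:
        raise UnsafeRemoteName("no file name component")
    for part in parts:
        if part == "..":
            raise UnsafeRemoteName("parent-directory component")
        if ":" in part:
            raise UnsafeRemoteName("colon (alternate data stream syntax)")
        if part != part.rstrip(" ."):
            raise UnsafeRemoteName("trailing dot or space, stripped by Windows")
        if part.split(".")[0].upper() in _RESERVED:
            raise UnsafeRemoteName("reserved device name")
    base = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(base, *parts))
    # Defence in depth: the normalised result must still sit under base.
    if ntpath.normcase(ntpath.commonpath([base, target])) != ntpath.normcase(base):
        raise UnsafeRemoteName("resolved path escapes download directory")
    return target

# Constructed sample names, as a server might send them in a listing.
SAMPLES = ["pub/tool.zip", "..\\..\\evil.exe", "docs/../../evil.exe",
           "C:\\evil.exe", "\\\\host\\share\\evil.exe", "notes.txt:hidden",
           "NUL.txt", "report.pdf. "]

def check_all(download_dir: str, names=SAMPLES) -> dict:
    """Map each name to its resolved path or to the rejection reason."""
    results = {}
    for name in names:
        try:
            results[name] = safe_download_path(download_dir, name)
        except UnsafeRemoteName as exc:
            results[name] = f"REJECTED: {exc}"
    return results
```

Rejecting the name outright, rather than silently keeping only its last component, leaves a record that the server sent a suspicious path.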
FTP, a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP uses the Internet's TCP/IP protocols. It is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It's also commonly used to download programs and other files to your computer from other servers.
Microsoft also confirmed it's investigating four other vulnerabilities that came to light over the holidays:
The first problem is a remotely exploitable vulnerability confirmed in the LoadImage API instruction used by many Web browsers and e-mail clients. "This issue can be exploited by simply visiting a malicious Web site or opening an HTML e-mail containing a malicious image," antivirus firm Symantec said in a recent statement. "No interaction is required once an image has been viewed."
The second vulnerability is in the winhlp32.exe application used to interpret Windows help files (.hlp). "These vulnerabilities exist as a result of decoding errors that manifest themselves in the parsing of a malicious help file," Symantec said. "These decoding errors are exploitable to cause a heap-based buffer overflow. Malicious help files, encountered either through e-mail, or via a malicious Web site may be used to exploit this vulnerability."
A third vulnerability is in the Windows kernel. A denial of service can result when a malicious .ani file is encountered. "Exploitation of this vulnerability, either via e-mail or a malicious Web site, will result in a crash and subsequent restart of any vulnerable system," Symantec said. "This vulnerability requires no interaction other than viewing a malicious Web site or e-mail in order to succeed."
A fourth problem is an HTML help control exploit that uses a number of different vulnerabilities to bypass Internet Explorer's local zone protections in order to run scripts on the host. This one has already been exploited by the Phel Trojan horse.