Microsoft will issue 12 bulletins, three of them critical, next week as part of its regularly scheduled Patch Tuesday round of updates, repairing holes across its product line.
In its February Advance Notification,
Included in the February batch of patches is an update to repair a publicly disclosed vulnerability in its Windows Graphics Rendering Engine, which could be used in drive-by attacks. The flaw is in the way Windows accesses an object to run an application. A malicious thumbnail image can cause the Graphics Rendering Engine to fail. The maintainers of the Metasploit Framework created a module for the zero-day flaw last month, though there have been no reports of ongoing attacks targeting the vulnerability.
Microsoft is also addressing a serious memory bug in Internet Explorer that could be used by attackers to remotely execute malicious files. The flaw, in the Cascading Style Sheet (CSS) function within Internet Explorer, surfaced in late December. An automated fix-it was issued that temporarily prevents the recursive loading of CSS stylesheets.