Original URL: http://www.theregister.co.uk/2011/02/04/ms_feb_patch_tuesday_pre_alert/

Zero-day update duo to star in upcoming Patch Tuesday update

But MHTML fix remains MIA

By John Leyden

Posted in Security, 4th February 2011 10:44 GMT

Microsoft plans to release a dozen bulletins on Tuesday – three of which address critical flaws.

The February Patch Tuesday batch includes a fix for a critical Windows thumbnail preview flaw as well as patching an equally serious flaw in how Internet Explorer handles Cascading Style Sheets (CSS). Each of these zero-day vulnerabilities has been exploited in limited hacking attacks.

The remaining updates address lesser flaws in Windows, Office, Microsoft's IIS web server software and Redmond's development platform, Visual Studio.

Net security services firm Qualys notes that a fix for a recently discovered MHTML flaw in Windows/Internet Explorer will not be addressed by the February Patch Tuesday update. Users are advised to apply Microsoft's workaround, pending the availability of a more comprehensive fix. ®