How exactly does the attacker know the passwords expiration date?
How exactly WOULDN'T they? If the attacker is doing offline brute forcing of passwords, that means they've obtained at least a partial copy of the database for the site (since they have to have the hashes and salts), at which point it's probable that they would have also obtained the expiration dates linked to each password.
Expiration dates != expiration time of current password. If you assume some maximum password expiration time (lets say 3 months) then as long as user is registered for at lest that amount of time the password expiration date doesnt provide any useful information about it. Unless of course hacker gets multiple database snapshots from widely different days, but then the system is probably doomed anyway.