Microsoft’s January Patch Tuesday delivers fixes for 12 security vulnerabilities, though it is perhaps most noteworthy for what it is missing.
Security firm FireEye on Dec. 28 reported on its discovery of a new Internet Explorer (IE) zero-day flaw that is being actively exploited. Microsoft responded with a Fix it update, though a full patch is not yet publicly available.
“We’ve reviewed the information and are working on an update, which we will make available to all customers on IE 6-8 as soon as it is ready for distribution,” Dustin Childs, group manager, Microsoft Trustworthy Computing said in a statement sent to eSecurity Planet. “In the meantime, the current Fix it, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks.”