Microsoft will finally fix an Internet Explorer flaw from last year

SOFTWARE PATCH CODER Microsoft will fix 22 vulnerabilities in next week's Patch Tuesday security fixes, although not the Windows Internet Explorer zero-day vulnerability that was discovered recently.

Three of the 12 bulletins covering the 22 vulnerabilities are critical, and include updates to address vulnerabilities in Internet Explorer CSS and Windows thumbnail preview.

Insecurity firm Qualys said it has seen limited exploits for these on the wild, so the update is highly recommended. Lower rated flaws that will be patched include ones in the FTP service, Windows, Office and Visual Studio.

The Internet Explorer CSS issue was first discovered in December of last year, and affected several different browser versions, including Microsoft's newest Internet Explorer 8. Attackers could catch a victim with a bug on a booby-trapped webpage and take over the PC, either sticking in a bit of malware or stealing confidential information.

It is too soon for the latest Windows Internet Explorer zero-day vulnerability to be fixed, with a workaround regarded as the best bet for securing against that for now.

The company said, "Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability."

But of course, if Microsoft doesn't get a move on soon, that might change. µ