Any word of a fix yet? Been 5 week now

Had a quick look on their Release History and the answer is no, the last update was on the 12th October 2015.

Looks like the new 'fix' version (2.2.1) hasn't been released yet ...this is a comment from just a short while ago this morning:

You ever going to release this fix or should I start looking for another program that won't let me be exploited? "No software is perfect" but you said you were gonna fix it in 2-3 weeks not 2-3 months.

https://forums.malwarebytes.org/topic/180348-mbam-22...

Good to see that at last!
Although it can be downloaded now, it Looks as though within the coming week there'll be an update and it won't be necessary to uninstall the old version first:

We�ll be enabling automatic upgrades for current users beginning next week. If you�d like to upgrade before then, simply download the new version from the link above and install

I didnt unistall the previous version. Downloaded the file and installed over the top of the previous version

Even better! Thanks

this is comical.

so a software security vendor needs to rely on people to tell them to follow modern encryption security practices?

They not alone in this problem.

e.g. software like avast and eset which have https scanning modules, will disable technologies such as OCSP and key pinning. Some version also have no tls 1.1/1.2 support.

TLS v1.1 is also an issue as it is prone to TLS over POODLE vulnerability. The only version to be used should be version 1.2 and support for SSL2, SSL3 and TLS v1, and v1.1 should be disabled - else an attacker is able to launch an attack whereby they can force a users session to downgrade and use older TLS or even worse SSL versions, even if TLS v1.2 is enabled... Thereby, the attacker is able to break the encryption used. This of course is an issue for those using ancient browsers.