Trend Micro discloses an unpatched Microsoft Jet vulnerability

Trend Micro has disclosed a new Microsoft Jet vulnerability that is still unpatched. The vulnerability affects all supported Windows and Windows Server editions.

Trend Micro’s Zero Day Initiative works by identifying bugs and reporting them to the software vendors with a time frame to fix them. The time frame is usually set to 120 days before the vulnerability is publicly disclosed. The group reported the vulnerability to Microsoft on 8th May and gave them 120 days to fix it, following which the vulnerability was made public. The group also shared the Proof of Concept (PoC) on GitHub with the details related to the vulnerability.

The vulnerability is an out-of-bounds write flaw that can be triggered by opening a Jet source via a Microsoft component known as Object Linking and Embedding Database (OLEDB).

The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer.

– Trend Micro

Microsoft has accepted the vulnerability and is expected to roll out a fix in October. Meanwhile, 0patch has confirmed a micropatch for Windows 7 users.

For now, Trend Micro recommends not opening any attachments from untrusted sources, which might contain malicious code. Security researcher Lucas Leong has been credited with the discovery of the vulnerability.

Via: ZDNet
