
Trend Micro Reveals Zero-Day Remote Code Execution Flaw in Microsoft Jet Database Engine

A zero-day Microsoft Jet Database Engine flaw lets attackers craft files that enable remote code execution when opened, affecting all major Windows versions. Microsoft is reportedly working on a fix for the issue.


Google researchers have disclosed a zero-day vulnerability in the Jet Database Engine. The flaw allows for remote code execution and is thought to affect all supported Windows versions.

According to Trend Micro, that includes Windows Server versions, making it potentially very dangerous. Thankfully, a user must open a malicious JET file to trigger the flaw, limiting its reach somewhat.

“The root cause of this issue resides in the Microsoft JET Database Engine. Microsoft patched two other issues in JET in the September Patch Tuesday updates. While the patched bugs are listed as buffer overflows, this additional bug is actually an out-of-bounds write, which can be triggered by opening a Jet data source via OLEDB,” explain the company's researchers.

The JET database format is somewhat common, so users could be tricked into opening the file in the right circumstances. Once the flaw is triggered, the attacker would be able to execute code at “the level of the current process”.

Deadline Exceeded

Researchers often try to co-operate with the affected company before publishing Zero-Day exploits, and that seems to be the case here. However, like Google, Trend Micro's Zero Day Initiative has a limit on its patience.

To prevent companies from becoming lazy, Trend Micro sets a countdown of 120 days. That's kinder than Google's 90 days, and it's surprising that Microsoft hasn't patched the issue yet.

Still, Trend Micro's Simon Zuckerbraun has confirmed that the tech giant is working on the issue, and we can expect a fix soon. In the meantime, users should probably be cautious about the Microsoft Jet files they open.

Ryan Maskell