A security researcher has publicly revealed an 0Day that affects all supported versions of Microsoft's operating system.
Windows vulnerability that also affects versions server, was publicly disclosed when the company was unable to fix the bug within 120 days.
0Day was discovered by Lucas Leong of the Trend Micro Security research team, and is located in the Jet Database Engine of Microsoft Jet. The vulnerability could allow an attacker to remotely run malicious code on any vulnerable Windows computer.
Microsoft Jet Database Engine or simply JET (from Joint Engine Technology) is a database engine built into many Microsoft products, such as Microsoft Access and Visual Basic.
According to an announcement issued by the Zero Day Initiative (ZDI), the vulnerability is due to a pointer management issue in the Jet Database Engine that, if successfully exploited, could cause a memory write except ορίων (out-bounds memory write), και απομακρυσμένη εκτέλεση κώδικα.
The attacker would have to convince the target to open a specially crafted archive JET database to exploit the vulnerability and remotely execute malicious code on the target computer.
According to ZDI researchers, the vulnerability exists in all supported versions of Windows, namely: Windows 10, Windows 8.1, Windows 7 and Windows Server Edition 2008 through 2016.
ZDI reported vulnerability to Microsoft on 8 May and the company confirmed the error on 14 May but failed to correct the vulnerability and release some update within 120 days. So ZDI released publicly the vulnerability.
You also published from Trend Micro in one GitHub page.
Microsoft is reportedly developing a vulnerability update and since it did not exist on Patch Tuesday in September, we will probably see it in the October updates.
Trend Micro recommends Windows users not to open files from unreliable sources.
______________________
- DaaS or device-as-a-service Microsoft shortly
- Windows 10 Redstone 5 RTM when will it be released?
- Microsoft GitHub: the past the biggest challenge
- The free version of Microsoft Teams is now available
- Windows 10 April: Have you lost your desktop?
- Windows 10 Build 17738 download the official ISO
- Windows 10 and Windows 7: What the numbers say
