A researcher better safetys has publicly disclosed a 0Day affecting all supported versions of Microsoft's operating system.
The vulnerability of Windows that affects both server versions was publicly disclosed when the company was unable to correct the error within 120 days.
0Day was discovered by Lucas Leong of the Trend Micro Security research team and is located in Microsoft Jet's Jet Database Engine. Vulnerability could allow an attacker to run remotely malicious code on any vulnerable Windows computer.
Microsoft's Jet Database Engine or simply JET (from Joint Engine Technology) is a database engine that is built into many Microsoft products, such as Microsoft Access and Visual Basic.
According to an announcement issued by the Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of the Jet Database Engine pointers that if successfully exploited, it can cause out-bounds memory write, and remote code execution.
The attacker should persuade the target to open a specially crafted JET database to exploit the vulnerability and remotely execute the malicious code on the target computer.
According to ZDI researchers, the vulnerability exists in all supported versions of Windows, namely: Windows 10, Windows 8.1, Windows 7 and Windows Server Edition 2008 to 2016.
ZDI reported the vulnerability to Microsoft on May 8, and the company confirmed the bug on May 14, but failed to patch the vulnerability and release an updated version within the 120 day period. So ZDI publicly released the details of the vulnerability.
You also published from Trend Micro in one GitHub page.
Microsoft is reportedly developing an update for the vulnerability and since it was not in the Patch Tuesday in September, we'll probably see her in the October updates.
Trend Micro recommends Windows users not to open files from unreliable sources.
______________________
- DaaS or device-as-a-service Microsoft shortly
- Windows 10 Redstone 5 RTM when will it be released?
- Microsoft GitHub: the past the biggest challenge
- The free version of Microsoft Teams is now available
- Windows 10 April: Have you lost your desktop?
- Windows 10 Build 17738 download the official ISO
- Windows 10 and Windows 7: What the numbers say
