ZDI Discloses Zero-Day Bug Affecting All Windows Version
Zero-Day Windows Jet Database Engine Vulnerability Allows Remote Code Execution
TrendMicro's Zero Day Initiative have disclosed the zero-day vulnerability in the Microsoft Windows Jet Database Engine which could allow attackers to remotely execute code on any vulnerable installation of the software after the 120 days of disclosed limit passed.
The vulnerability have been found by the Lucas Leong of the Trend Micro Security Research team, which could allow attacker to perform Remote code Execution on vulnerable machine. Its preety easy to exploit this vulnerability, if attacker have the right exploit code.
To initiate this attack, a specially crafted Jet database file would need to be opened, which would then perform an out-of-bounds write to the program's memory buffer. This would then lead to remote code execution on the targeted Windows computer.
Initially the vulnerability was only tested on Windows 7 machine, but researcher believe that all supported Windows version are impacted by this bug, including server editions.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file - ZDI Noted.
At the mean time, Trend Micro recommends all users who might be affected to only use files you receive from trusted sources. ZDI also confirms that Microsoft is working on a patch to address the issue which could be release in October security update.
The vulnerability have been found by the Lucas Leong of the Trend Micro Security Research team, which could allow attacker to perform Remote code Execution on vulnerable machine. Its preety easy to exploit this vulnerability, if attacker have the right exploit code.
To initiate this attack, a specially crafted Jet database file would need to be opened, which would then perform an out-of-bounds write to the program's memory buffer. This would then lead to remote code execution on the targeted Windows computer.
Initially the vulnerability was only tested on Windows 7 machine, but researcher believe that all supported Windows version are impacted by this bug, including server editions.
After the publish of this 0-day bug, 0Patch confirmed that this vulnerability affects Windows 10, Windows 8.1, Windows 7, and Windows Server 2008-2016. Moreover they have also released 3rd party micropatches that resolve this vulnerability.We're happy to announce general availability of two free micropatches for the Jet Engine Out-Of-Bounds Write vulnerability disclosed yesterday by @thezdi. These micropatches apply to fully updated 32bit and 64bit:— 0patch (@0patch) September 21, 2018
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2008-2016 pic.twitter.com/Du1cTFafiM
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file - ZDI Noted.
"The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process."Initially, Trend Micro's Zero Day Initiative allow the vendor 4 months (120 days) to fix the vulnerability and release a patch and this zero-day RCE vulnerability was reported on May 8 and they aslo got a reply confirming that Microsoft team has successfully been able to reproduce the issue on May 14. But Microsoft failed to released the patch of the bug on giving period of time.
At the mean time, Trend Micro recommends all users who might be affected to only use files you receive from trusted sources. ZDI also confirms that Microsoft is working on a patch to address the issue which could be release in October security update.
Join the conversation