Security researchers at Trend Micro discovered a zero-day vulnerability within the Joint Engine Technology (JET) Database Engine. The vulnerability could permit an attacker to remotely execute malicious code on any vulnerable Windows computer. The Zero-Day Initiative (ZDI) disclosed the vulnerability to Microsoft in May of this year, but Microsoft failed to provide a patch for the vulnerability. After giving Microsoft sufficient time to patch, ZDI went public with the vulnerability.
An advisory released by ZDI announced the vulnerability. In it they explain that that the “flaw exists witn the management of indexes… Crafted data in a database file can trigger a write past the end of an allocated buffer.” In other words, the flaw permits a buffer overflow which allows data in the database to overwritten by malicious code and allow exploitation.
This vulnerability affects nearly every Microsoft operating systems due to JET being integrated with numerous applications, such as Microsoft Access and Visual Basic. The vulnerability can be difficult to exploit as it requires a user to open a JET database file that has been tailored for exploitation and interact with a vulnerable exploitation. As these files are uncommon, it will likely require obfuscation and social engineering to execute a successful exploitation.
Mitigation
Due to this being a zero-day vulnerability, there is no active patch at this time. However, as soon as a patch is released we recommend that it be applied as quickly as possible, yet within your existing patching policy. In the meantime, where use of JET integrated applications is not critical to business processes, we recommend that you prevent the use of such applications. Otherwise, limit the use of the applications to only those who absolutely need it and educate your staff on the risks associated with this vulnerability. Train them on identifying phishing and prevent opening of email files and disable emailed links where possible.
As of the time of writing there is not an active exploit in the wild. However, proof of concept exploit code has been published by Trend Micro. We recommend closely monitoring your network to look for indications of a breach; in particular, keep an extra close eye on users and devices that actively use vulnerable applications.
About Security On-Demand
Security On-Demand is an industry pioneer and recognized innovator within the managed security space. We are leading the industry in threat detection through behavioral analytics and machine learning.
Sources
