Saturday, October 12, 2024
HomeComputer SecurityZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed...

ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline

Published on

Malware protection

A Microsoft Zero-day vulnerability that existing in Microsoft JET Database Engine has been crossed zero-day Initiative (ZDI) 120 days disclosure deadline and now it released in public.

ZDI initially reported this zero-day flow to Microsoft on May 8, 2018, since then Microsoft acknowledged the vulnerability and started working on it to provide the patch for Windows.

This Zero-day flow discovered and reported by Lucas Leong of Trend Micro Security Research and the vulnerability allows an attacker to run an arbitrary code in Microsoft’s Jet database engine.

- Advertisement - SIEM as a Service

Vulnerability Details

This specific vulnerability existing in the management of indexes in the Jet database engine that allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.

In order to trigger this Microsoft Zero-day vulnerability, the attacker needs to send a specially crafted file containing data stored in the JET database format and the user needs to open the file to trigger this vulnerability in victims machine.

According to ZDI, “The root cause of this issue resides in the Microsoft JET Database Engine. Microsoft patched two other issues in JET in the September Patch Tuesday updates. While the patched bugs are listed as buffer overflows, this additional bug is actually an out-of-bounds write, which can be triggered by opening a Jet data source via OLEDB. Here’s a look at the resulting crash”

Mainly user interaction does require to successfully exploit this vulnerability in victims machine by tricking them to open the malicious file.

ZDI research confirms that this Microsoft Zero-day existing in the Windows 7 and they believe all supported Windows version are impacted by this bug. You can also find the Proof-of-concept code here. 

As of now this vulnerability is not yet patched and Microsoft continuously working on it to patch this critical Zero-day vulnerability and we expect the patch in the regularly scheduled October Tuesday patch release since it’s not released in September patch.

Also Read:

Hackers Started Exploiting the Unpatched Windows Task Scheduler Zero Day Flaw using Malware

New Zero Day Attack Discovered in MS Word Document Uses to Hack your PC – Still Not yet Patched

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...