Office

Zero fault discovered

Table of contents:

Anonim

An investigator has revealed that a new Zero-Day vulnerability has been found that affects all versions of Windows. It is also an unpatched vulnerability, so any user is now a potential victim of attacks looking to take advantage of this security flaw in the operating system. The failure resides in the "Microsoft Jet Database Engine" database engine.

Zero-Day vulnerability revealed affecting all versions of Windows

It seems that this security flaw is due to some problem in the management of indexes in the mentioned database engine. If exploited it could cause write to memory and execute code remotely.

Vulnerability in Windows

In order to carry out an attack, the user must open a malicious JET database file. It must also be a file specifically designed to exploit this vulnerability in Windows. In this way code could be executed remotely on the user's computer. The main problem is that in addition to the operating system, there are several applications that use this database.

The vulnerability exists in all versions of Windows from 2008 to 2016. According to investigators comment, this failure was reported in May. Microsoft itself recognized the error, but so far they have not been able to offer a solution.

The exploit code for the vulnerability has been revealed as well. So Microsoft is already working on a security patch to protect users. It is unknown how long it will take to reach users, but we hope it will be soon.

The Hacker News Font

Office

Editor's choice

Back to top button