Sep 23 2018

Trend Micro Warns Against Vulnerability in JET Database Engine

Researchers working for Trend Micro's Zero Day Initiative (ZDI) have detected a security hole in Microsoft's Joint Engine Technology (JET) Database Engine that could enable attackers to execute arbitrary code on vulnerable Windows installations. Because there is no patch available yet, the researchers caution JET Engine users not to open files from unknown or untrusted sources.

According to Trend Micro's announcement, the researchers reported the bug to Microsoft on May 8, starting the 120-day period that precedes public disclosure. That period has ended, and so Redmond has to bear the consequences of Trend Micro's stated policy.

According to the official advisory, the bug – dubbed ZDI-CAN-6135 or ZDI-18-1075 – "exists within the management of indexes in the Jet database engine." More specifically, it's described as "an out-of-bounds write, which can be triggered by opening a JET data source via OLEDB" in the above-linked blog post from the initiative's Simon Zuckerbraun, who is hailed as one of the Top 100 researchers studying Microsoft products by the company itself. Opening such a file enables attackers to remotely execute arbitrary code and eventually cause a system crash. This new bug should not be confused with two buffer overflow vulnerabilities that were repaired on September's patch day. Proof-of-concept code is available from GitHub.

Zuckerbraun and his fellow researchers first found the vulnerability in Windows 7, but have since concluded it's present in all supported Windows versions, including server editions. As stated above, no patch has been made available yet, but the researchers hope to see the hole fixed in time for Microsoft's next official 'repair day' on October 9. Until then, the only halfway positive news is that the flaw requires direct user interaction before it can be exploited. In other words, JET Engine users can substantially mitigate the potential risk by not opening database files from unknown or untrusted sources. However, since the bug may also be triggered from a malicious web page, it's additionally recommended to avoid visiting seedy Internet areas.

