vSOC SPOT Report: JET Engine
Posted by: GuidePoint Security
Overview
A zero-day flaw has been disclosed by Trend Micro's Zero Day Initiative (ZDI) team: an out-of-bounds write in the Microsoft JET Database Engine. The JET Database Engine is used in Microsoft Access and Office, but other software that depends on or uses JET databases could also be affected.
Technical Overview
A remote attacker must trick a user into opening a malicious JET file or page in order to reach a vulnerable system. Once the user has opened the file, the attacker can trigger the flaw to write past the end of an allocated buffer (an out-of-bounds write) and then execute additional code under the current process in an attempt to gain further access or carry out other malicious activity.
The key points about this particular attack are, first, that it requires user interaction to reach the JET Database Engine, specifically the user must open a malicious JET OLEDB file. Secondly, the attack has only been verified to work on Windows 7. Other versions of Windows may also be affected, but neither Microsoft nor Trend Micro has confirmed this yet.
Potential Impact
If an attacker can get an end user to open the JET OLEDB file, they can trigger the out-of-bounds write, writing past the end of a buffer and potentially crashing the software, which could allow them to execute additional code with the same privileges as the affected user.
ZDI released proof-of-concept (PoC) code as part of its public disclosure, but researchers are finding the code difficult to weaponize. This likely means that attackers will face similar difficulties, and it will take time for this code to find its way into widespread use.
What You Should Do
Microsoft has not yet released an update to address this flaw and has not indicated whether it will release an out-of-band update or wait until October 9. If Microsoft releases an out-of-band update, make plans to deploy the patch, and consider targeting workstations first. Microsoft did fix two other JET issues in September, but those fixes do not address this vulnerability.
Until an update is released, the best course of action is user awareness. Make sure your employees know not to open Access databases they receive via email, and to treat other Microsoft Office documents with suspicion if they come from an external source.
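To support the awareness advice above with a technical control, the following added example (not part of the original report) identifies Microsoft Access/JET database files by their on-disk signature rather than by file extension, so a renamed attachment is still flagged. It relies on the documented format detail that JET (.mdb) files carry "Standard Jet DB" and ACE (.accdb) files carry "Standard ACE DB" at byte offset 4; the sample files it scans are constructed in a temporary directory.

```python
import os
import tempfile
from typing import List, Optional, Tuple

# Access database files start with 4 bytes of version data followed by a
# NUL-terminated format string at offset 4.
JET_SIGNATURES = {
    b"Standard Jet DB": "JET (Access .mdb)",
    b"Standard ACE DB": "ACE (Access .accdb)",
}


def classify_jet_header(data: bytes) -> Optional[str]:
    """Return a label if the leading bytes identify an Access database, else None."""
    if len(data) < 20:
        return None
    for magic, label in JET_SIGNATURES.items():
        if data[4:4 + len(magic)] == magic:
            return label
    return None


def scan_attachments(paths: List[str]) -> List[Tuple[str, str]]:
    """Read the first 32 bytes of each file and collect those that are Access DBs."""
    hits = []
    for path in paths:
        with open(path, "rb") as fh:
            head = fh.read(32)
        label = classify_jet_header(head)
        if label:
            hits.append((path, label))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Build constructed sample attachments and scan them (illustration only)."""
    workdir = tempfile.mkdtemp()
    # A JET database disguised with a .pdf extension: extension filters miss it.
    disguised = os.path.join(workdir, "invoice.pdf")
    with open(disguised, "wb") as fh:
        fh.write(b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 16)
    # A harmless text file with a .mdb extension: signature check ignores it.
    benign = os.path.join(workdir, "notes.mdb")
    with open(benign, "wb") as fh:
        fh.write(b"just some plain text, not a database\n")
    return scan_attachments([disguised, benign])
```

The signature check should be one layer alongside mail filtering and patching, not a replacement for them.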
Supporting Information
- https://www.bleepingcomputer.com/news/security/0day-windows-jet-database-vulnerability-disclosed-by-zero-day-initiative/
- https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
- https://twitter.com/mkolsek/status/1042820055686365184
- https://threatpost.com/unpatched-microsoft-zero-day-in-jet-allows-remote-code-execution/137597/
Contributing Authors
- Sam Harris, vSOC Program Manager
- Dave Farquhar, vSOC Program Manager
GuidePoint Security