Zero-Day Vulnerability in the Microsoft Windows Jet Database Engine

NJCCIC Alert

Original Release Date: 2018-09-27

A zero-day vulnerability has been detected in the Microsoft Windows Jet Database Engine. Exploitation of the flaw could allow an attacker to perform remote code execution if a specially crafted Jet database file is sent to, and opened on, a vulnerable system. The vulnerability has been confirmed to impact Windows 7; however, as the exploited component exists in all supported versions of Windows, additional versions, including server editions, may also be affected. Microsoft has not yet issued a security update.

The NJCCIC recommends that users and administrators of affected systems review the Zero Day Initiative (ZDI) blog, restrict interaction with the Jet database to trusted files only, and apply appropriate patches if and when they become available. Additionally, implement the Principle of Least Privilege to limit the impact of a successful attack, and educate end users on this and similar threats.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
