New Zero-Day Vulnerability Affects All Windows Systems


The source of the flaw is Microsoft's Jet database engine

Trend Micro Security Research team has discovered a zero-day flaw in Microsoft Windows that allows ‘remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.’ The flaw was discovered by Lucas Leong on the Trend Micro Security Research team.

The vulnerability exists in all supported Windows versions, including Windows 10, Windows 8.1, Windows 7, and Windows Server Edition 2008 to 2016.

According to a blog post by Leong, “The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.”

The good news is that user interaction is required to exploit this vulnerability, which means a user has to visit a malicious page or open a malicious file that contains Jet database information.

Leong went public with his finding after Microsoft failed to fix it within the grace period of 120 days.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=