Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available

More from: | Bleeping Computer |
0

Windows JET Database Engine continues to be vulnerable to remote code execution bug after Microsoft released a patch in the October security updates rollout.

The vulnerability, now identified as CVE-2018-8423, was disclosed publicly by TrendMicro’s Zero Day Initiative program on September 20, before Microsoft could manage to include a fix.

Until Microsoft’s update, users could benefit from the protection of a micropatch – a temporary correction applied while the software is running – that became available from Acros Security 24 hours after the bug disclosure. When available, these interim fixes are delivered for free through the 0Patch platform.

New, interim in-memory fix available

According to Acros Security CEO Mitja Kolsek, Microsoft’s solution is not complete, and it only limits the vulnerability instead of eliminating it.

He claims

(...)

Read full article » https://www.bleepingcomputer.com/news/security/microsoft-fix-for-windows-jet-database-bug-not-perfect-micropatch-available/


About | Bleeping Computer |

Bleeping Computer® is a technical support site and a self-education tool for the novice user to learn basic concepts about Computer Technology. Our focus is to allow the novice computer user to be able to have a place that they can come and discuss computer/technology problems with their peers and at the same time have a rich resource in which to learn the "basics" about computers and technology.

We have found, with our extensive experience in helping users, whether they be family, friends, coworkers, or clients, that most technical support problems lie not with the computer, but with the fact that the user does not know the "basic concepts" that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, Internet, and applications.

»Twitter: @BleepinComputer »Facebook: @BleepingComputer »YouTube: BleepingComputer