Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft warns of Jet Database exploit through Word

Microsoft has issued a security advisory in response to reports that cybercriminals are using Word to exploit a vulnerability in the Jet Database Engine.

According to the advisory, released late Friday, customers running Microsoft Word 2000, 2002 and 2003 on Service Pack 2; Microsoft Word 2003 on Service Pack 2; Microsoft Word 2007 and Microsoft Word 2007 on Service Pack 1 are vulnerable to the attack.

Users running Windows Vista are not open to attack.

Microsoft said the attacks, which involve taking advantage of a buffer overflow flaw, have been limited in scope and require “customers to take multiple steps in order to be successful.” If successful, though, they could permit a remote hacker to execute malicious code on a victim's machine.

The vulnerability lies in the Jet Database Engine, a database manager upon which programs, such as Microsoft Access, are built.

“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” Bill Sisk, security response communications manager for Microsoft, told in an email. “This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”

The next scheduled patch release is April 8.

Eric Schultze, chief technology officer of patch management vendor Shavlik Technologies, told on Monday that businesses should pay attention to the advisory.

"Most people don't even know that they have Jet Database installed," he said, likening the engine to a SQL server. "My advice would be don't open Word documents from untrusted sources."

It is unclear if this exploit is the same as one identified earlier this month by PandaLabs researchers. At that time, Sisk said Microsoft was aware of the exploit but, because it considers .mdb (Microsoft Access Database) files unsafe, the software company did not plan to issue a patch.

Sisk could not immediately be reached for comment today.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.