
Researchers warn of Microsoft Access Database exploit

Targeted phishing emails are attempting to infect the machines of users who are tricked into opening malicious Microsoft Access Database (MDB) files, US-CERT (United States Computer Emergency Readiness Team) said in a warning this week.

The bogus files attempt to take advantage of a stack-based buffer overflow vulnerability that occurs when Microsoft Access processes specially crafted database files, according to the advisory. Should a user click on a corrupted file, their machine could be pounded with malicious software.

Microsoft considers MDB files, which allow for embedded script, unsafe.

"Various Microsoft applications prevent users from opening this type of file, or warn them before they open the file," a company spokesman told today in an email.

The spokesman confirmed that Microsoft was aware of public exploit reports.

Craig Schmugar, threat research manager for McAfee Avert Labs, told today that the attacks likely take advantage of either of two unpatched Microsoft Jet Database vulnerabilities.

Researchers at McAfee have spotted the flaws being exploited in a limited manner, mostly targeting "entities related to government," he said.

Schmugar said socially engineered attacks hoping to leverage the flaw may succeed because users tend to trust certain files.

"People might think it's an Office document," he said. "They might be less apprehensive about accessing it."

Meanwhile, businesses should ensure they block MDB files at the email gateway, the US-CERT warning advised.

"While Microsoft treats them as unsafe, many companies may not," Schmugar said.
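
The gateway blocking that the US-CERT warning advises, shown as an added example that is not code from US-CERT, Microsoft or McAfee: it holds attachments by file extension and also by the Jet/ACE header marker at byte offset 4, so a database renamed to look like an Office document is still caught. The extension list, function names and sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Jet (.mdb) and ACE (.accdb) files carry one of these markers at byte offset 4.
JET_MAGIC = (b"Standard Jet DB", b"Standard ACE DB")
# Assumed extension list; extend it to match local policy.
BLOCKED_EXT = (".mdb", ".mde", ".accdb", ".accde")


def is_access_db(payload):
    """True when the content carries the Jet/ACE header, whatever the file name."""
    return payload[4:19] in JET_MAGIC


def blocked_attachments(raw):
    """Return (filename, reason) for each attachment the gateway should hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_access_db(data):
            hits.append((name, "content"))
        elif name.lower().endswith(BLOCKED_EXT):
            hits.append((name, "extension"))
    return hits


def build_sample():
    """Constructed test message: header bytes only, not a working database."""
    fake_db = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Report"
    msg.set_content("See attached.")
    for name, body in (("budget.mdb", fake_db), ("budget.doc", fake_db),
                       ("old.mde", b"not a database"), ("notes.txt", b"plain text")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"hold {name}: matched by {reason}")
```

The content check does not look inside archives, so a gateway that unpacks ZIP attachments would run the same test on each extracted member.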
