New Zero-Day Vulnerability Affects All Windows Systems
Trend Micro Security Research team has discovered a zero-day flaw in Microsoft Windows that allows ‘remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows.’ The flaw was discovered by Lucas Leong on the Trend Micro Security Research team.
The vulnerability exists in all supported Windows versions, including Windows 10, Windows 8.1, Windows 7, and Windows Server Edition 2008 to 2016.
According to a blog post by Leong, “The specific flaw exists within the management of indexes in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.”
The good news is that user interaction is required to exploit this vulnerability, which means a user has to visit a malicious page or open a malicious file that contains Jet database information.
Leong went public with his finding after Microsoft failed to fix it within the grace period of 120 days.