Severity: High
13 May, 2008
Summary:
- These vulnerabilities affect: Windows 2000, XP, and Server 2003
- How an attacker exploits them: By enticing one of your users into opening a maliciously crafted Word (.doc) or .mdb file
- Impact: An attacker can execute code, potentially gaining complete control of your user’s computer
- What to do: Install the appropriate Microsoft Jet 4.0 Database Engine update immediately
Exposure:
In a security bulletin released today as part of its monthly patch update, Microsoft describes a security vulnerability in the Joint Engine Technology (JET) database engine, a database handling component that ships with Windows. The JET engine component suffers from a buffer overflow vulnerability involving the way it processes .mdb files. Although the flaw specifically lies in how the Jet engine handles .mdb files, an attacker could easily embed an .mdb file into a Word document as well. So, potentially, attackers could leverage this vulnerability using booby-trapped Word documents. By enticing one of your users into downloading and opening such a document, an attacker could exploit this flaw to execute code on that user’s machine, with that user’s privileges. If the user has local administrator rights, the attacker would gain full control of the user’s machine.
You probably remember this flaw from a Wire post we published back in March. In that post, we warned you that malicious attackers were exploiting this previously unpatched vulnerability in the wild, in what Microsoft called, “limited, targeted attacks.” Now that Microsoft has finally fixed this vulnerability, we highly recommend you download, test, and deploy its patch immediately, before one of your users succumbs to this serious attack vector.
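Because the Exposure text notes that Jet data can arrive as an .mdb file or inside a Word document, the following added example (not from Microsoft's bulletin or from WatchGuard) triages files by content rather than by extension, looking for the Jet 3.x/4.0 file header at the start of a file or anywhere inside an OLE2 (.doc) container. It assumes embedded database bytes are stored uncompressed; the function names, verdict strings and sample bytes are constructed for illustration.

```python
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")       # OLE2 compound file (.doc)
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB\x00"   # Jet 3.x/4.0 (.mdb) header


def find_jet_headers(data: bytes) -> list:
    """Return every offset at which a Jet database header starts."""
    offsets, pos = [], data.find(JET_MAGIC)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(JET_MAGIC, pos + 1)
    return offsets


def triage(name: str, data: bytes) -> str:
    """Classify a file by content; the extension is only used for reporting."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    hits = find_jet_headers(data)
    if data.startswith(JET_MAGIC):
        # A Jet database that does not call itself .mdb is worth a closer look.
        return "jet-database" if ext == "mdb" else "jet-database-renamed"
    if data.startswith(OLE2_MAGIC) and hits:
        return "ole2-with-embedded-jet"
    if hits:
        return "unknown-container-with-jet"
    return "no-jet-content"


# Constructed sample inputs (not real documents): just enough bytes to
# exercise each branch of triage().
_JET_FILE = JET_MAGIC + b"\x00" * 2029
SAMPLES = {
    "customers.mdb": _JET_FILE,
    "invoice.doc": _JET_FILE,  # Jet database saved with a .doc extension
    "merge.doc": OLE2_MAGIC + b"\x00" * 504 + b"\xff" * 1024 + _JET_FILE,
    "memo.doc": OLE2_MAGIC + b"\x00" * 504 + b"Plain text body" * 40,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:15} {triage(name, blob):26} {find_jet_headers(blob)}")
```

A hit identifies files that will be handed to the Jet engine; it does not say whether a file is malicious, so treat the result as a reason to hold or inspect the file on unpatched systems.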
Solution Path:
The Microsoft Jet 4.0 Database Engine update fixes a significant issue which attackers are exploiting in the wild. You should download, test, and deploy the appropriate Microsoft Jet 4.0 Database Engine update immediately.
- Microsoft Jet 4.0 Database Engine update:
Microsoft Vista and Server 2008 are not affected.
For All WatchGuard Users:
While you can configure some of WatchGuard’s Firebox models to block all Word (.doc) and .mdb documents, most organizations need to allow Office documents in order to conduct business. Blocking them could bring your business to a halt. Therefore, the patches are your best recourse. Nevertheless, if you do wish to block any Office documents, follow the links below for our instructional videos on using your Firebox proxy’s content blocking features:
- Firebox X Edge running 10.x
  - How do I block files with the FTP proxy? (Video, 2:30): Windows Media, 17.4MB / QuickTime, 11.8MB
  - How do I block files with the HTTP proxy? (Video, 2:52): Windows Media, 32MB / QuickTime, 28.6MB
  - How do I block files with the POP3 proxy? (Video, 2:35): Windows Media, 17.6MB / QuickTime, 16.5MB
  - How do I block files with the SMTP proxy? (Video, 2:18): Windows Media, 12.2MB / QuickTime, 9.1MB
- Firebox X Core and X Peak running Fireware 10.x
  - How do I block files with the FTP proxy? (Video, 2:30): Windows Media, 25.2MB / QuickTime, 9.1MB
  - How do I block files with the HTTP proxy? (Video, 2:52): Windows Media, 38.2MB / QuickTime, 10.7MB
  - How do I block files with the POP3 proxy? (Video, 2:35): Windows Media, 23.2MB / QuickTime, 10.1MB
  - How do I block files with the SMTP proxy? (Video, 2:18): Windows Media, 25.6MB / QuickTime, 9.0MB
Status:
Microsoft has released a Microsoft Jet 4.0 Database Engine update to fix this vulnerability.