Exploit Code Published for Unpatched Office Flaw -- Redmondmag.com

Exploit Code Published for Unpatched Office Flaw

By Scott Bekker
04/14/2005

Security researchers this week reported a flaw in the memory handling of the Microsoft Jet Database Engine that powers the Microsoft Office Access database. An attacker could use the flaw to remotely take control of a compromised system, according to HexView, a security firm that discovered the flaw.

A necessary precursor for attackers to use the flaw, called an exploit, has already been released.

The Microsoft Security Response Center is investigating the report. "[They] have been made aware that exploit code for this vulnerability has also been released. Microsoft has not been made aware of any attacks attempting to use the reported vulnerabilities or customer impact at this time, but are aggressively investigating the public reports," a Microsoft spokesperson said Thursday.

A patch could be released before Microsoft's next scheduled monthly patch release on May 10, the spokesperson said.

HexView rated the flaw "highly critical," which is the second-most serious rating in the firm's five-level rating system. Secunia, a security firm that tracks unpatched vulnerabilities across many operating systems and products, said the vulnerability had been confirmed on a fully patched system running Microsoft Access 2003. The firm said the flaw could affect Access 2000, Access 2002, Office 2000 and Office 2003.

HexView said it notified Microsoft about the flaw on March 30 and received only an automated reply from Microsoft.

Microsoft disputed HexView's account. "The MSRC has found no record of the finder contacting them with this report. As is a standard MSRC practice, they have outreached to the finder to try and work with them to learn more about the vulnerability and in turn be able to provide customers with the appropriate solution," the Microsoft spokesperson said. "Microsoft is concerned that this new report of a vulnerability in Microsoft Office was not disclosed responsibly, potentially putting computer users at risk."

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.