Microsoft JET vulnerability still open to attacks, despite recent patch

A vulnerability in the Microsoft JET database engine is still open to attacks, even after Microsoft shipped an update earlier this week during the October 2018 Patch Tuesday.

The vulnerability, which was a zero-day at the time of its disclosure in mid-September, raised some alarms, mainly due to the fact that the JET database engine is included in all versions of Windows, and provided attackers with a huge attack vector they could target. Microsoft shipped an update this past Tuesday. But according to Mitja Kolsek, co-founder of 0patch, the recent patch is incomplete, and an attacker can still exploit the original vulnerability.

Read more about the issues with Microsoft’s recent JET patch on ZDNet.