Microsoft JET vulnerability still open to attacks, despite recent patch

A vulnerability in the Microsoft JET database engine is still open to attacks, even after Microsoft shipped an update earlier this week during the October 2018 Patch Tuesday.

The vulnerability, which was a zero-day at the time of its disclosure in mid-September, raised some alarms, mainly due to the fact that the JET database engine is included in all versions of Windows, and provided attackers with a huge attack vector they could target. Microsoft shipped an update this past Tuesday. But according to Mitja Kolsek, co-founder of 0patch, the recent patch is incomplete, and an attacker can still exploit the original vulnerability.

Read more about the issues with Microsoft’s recent JET patch on ZDNet.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief