• SEARCH
  •       

  •             
Ziff Davis Enterprise

Home arrow Security arrow Database Attacks Confirmed by Microsoft









Renew Your Subscription

  Security


Database Attacks Confirmed by Microsoft
By Ryan Naraine
2008-03-25

Article Views: 537
Article Rating:starstarstarstarstar / 0

Rate This Article:
Poor Best
Add This Article To:
Attackers are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to Microsoft Access, Visual Basic and third-party applications.

An unpatched security flaw in Microsoft's Jet Database Engine is being used to launch targeted attacks against Windows users, according to an advisory from the software vendor.

The attacks, described by Microsoft as "very limited," are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to applications such as Microsoft Access, Microsoft Visual Basic and third-party applications. Technical details on this zero-day vulnerability are not yet available but it is common knowledge that the Jet DB engine has suffered from major security issues over the last few years.

In fact, proof-of-concept exploit code targeting multiple Jet database engine flaws has been available on the Internet since April 2005. The public exploit code affects the same "msjet40.dll" component referenced in Microsoft's pre-patch advisory.

Read the full article at eWEEK.





Discuss Database Attacks Confirmed by Microsoft
 
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Security Articles          >>> More By Ryan Naraine
 



FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM
  • Jul 8, 2 p.m. ET
    Optimizing Data Efficiency and Scalability with Windows File Server Consolidation     with Michael Vizard. Sponsored by HP
  • Jul 9, 2 p.m. ET
    Going Green with Managed Services     with Michael Steinhart. Sponsored by Intel & Kaseya
  • Jul 15, 12:30 p.m. ET
    IBM Lotus Notes: Microsoft SharePoint Co-Existence Strategy    . Sponsored by Mainsoft
  • Jul 15, 2 p.m. ET
    The Do`s and Don'ts of Email Encryption     with Joel Shore. Sponsored by IronPort
  • Jul 17, 12:30 p.m. ET
    Social Networking Has Entered the Building: Enable the New Internet     with Joel Shore. Sponsored by FaceTime
  • Jul 22, 12 p.m. ET
    How to Make Good on the Promise of Virtualization     with Joel Shore. Sponsored by HP
  • Jul 22, 1 p.m. ET
    Strategies for Retention and Deletion of Email/Electronic Information     with Michael Vizard. Sponsored by Dell & MessageOne
  • Jul 23, 2 p.m. ET
    Streamlining Proactive Systems Management with IT Automation     with Michael Steinhart. Sponsored by Kaseya

    • Sponsored Links
  • Get Total Visibility into Projects w/ Mariner
  • Win a Seagate® Barracuda® 1-TB HDD!
  • Brocade DCX: the smart way to evolve your data center.
  • Microsoft System Center – Designed For Big
  • 64 pages on security, compliance, & IT operations
  • Your Linux is more than ready.™ novell.com/linux
  • Free trial of Safari Books Online & $100 Gift Card
  • Get Tech OnTap technical enewsletter from NetApp.
  • 3M saved $3M on printing. Learn how HP can help your business
  • Download the “Best Antivirus Product of 2007”
  • Improve the customer experience with Dialogue
  • Win a Seagate® Barracuda® 1-TB HDD!
  • Join the Windows Server® 2008 Trial Software community
  • VoIP issues? Visit the experts at Global Crossing.
  • Introducing BlackBerry® Professional Software from AT&T.
  • New Mobility Solution from BlackBerry®. Learn More.
  • Your small business. Our big solution. The Satellite A200.
    		•   
    FEATURED VIDEOS

      The Nick for NAC
      eWEEK Channel Insider Technology Editor Frank Ohlhorst explains how VARs are about to get lucky. NAC is evolving, and it is evolving in such a way that hardware constraints are quickly being eliminated and NAC bundled with other security solutions is becoming a major opportunity, that should become a lot easier to sell and support.

      Will Recession Hit the Channel?
      Fears of a possible recession have VARs and solution providers taking steps to prepare their customers.
       

    Sponsored by
    DOWNLOADABLE ROI CALCULATORS & TOOLS FROM BASELINE
     
    Calculate Cost and ROI of Spam, VOIP, RFID, Sarbanes-Oxley and more...


    Featured Calculators:

     



    See More Tools!
    By Category| Planners |Calculators | Quizzes

     

     
    LATEST STORIES
    - Interview with Kathy Lane, CIO of National G...
    - Document and Records Management Still Lags
    - Preparing for an E-Discovery Showdown
    - Fugitive Ex-hedge Fund Manager Israel Surren...
    - U.S. Faces Tough Second Quarter

    Baseline:  

    Issue Index | Contact Us | About | Media Kit | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | ROI Calculators | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.