Microsoft's Jet crash: Zero-day flaw drops after deadline passes
The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft's Jet database engine, after giving Redmond 120 days to fix it. The Windows giant did not address the security blunder in time, so now everyone knows about the flaw, and no official patch is available.
The bug, reported to Microsoft on May 8 with a 120-day deadline before full disclosure, was described on Thursday by ZDI. It was discovered by Lucas Leong of Trend Micro Security Research.
The bad news: it's a remote-code execution vulnerability, specifically, an out-of-bounds memory write. The good news is that an attacker can only trigger the bug by tricking the victim into opening a specially crafted Jet file, and any arbitrary malicious code smuggled in the document is executed only with the user's privileges (we've all made sure that users don't have admin privilege, right?). The booby-trapped Jet file can also be opened using JavaScript, so someone could be fooled into viewing a webpage that uses JS to open the file, causing the code to run if it's picked up by the database.
The other good news is that the Jet database engine is not terribly well deployed: it's mostly associated with Microsoft Access and Visual Basic. However, if you are using it, you probably will want to stop users from opening any maliciously rigged files.
(Score: 1) by khallow on Saturday September 22 2018, @02:48AM (7 children)
Funny how that was supposed to bother us. Guess another troll fail.
(Score: -1, Troll) by Anonymous Coward on Saturday September 22 2018, @02:58AM (6 children)
Corporate billionaires making billions by taking the hard work of volunteers who got paid nothing doesn't bother khallow. Khallow is the living embodiment of psychotic avarice. Another example of defective human garbage.
(Score: 2, Touché) by khallow on Saturday September 22 2018, @04:05AM (2 children)
Yep.
Nope.
(Score: -1, Troll) by Anonymous Coward on Saturday September 22 2018, @04:45PM (1 child)
Yep. Khallow is a selfish megalomaniac who likes seeing the downtrodden get trampled by the rich and the powerful. Khallow desperately wants billionaire status for himself and trampling everyone else is his way to get there. Khallow is sick. Khallow needs to be put down.
(Score: 1) by khallow on Sunday September 23 2018, @04:06AM
No downtrodden or trampling in the scenario given. We're supposed to care because something freely given gets freely used by billionaires?
That's why I post on SN. Lots of trampling opportunities here.
"We're sorry but your pet soylentil has contracted a terminal case of billionairitus. He'll keep biting ankles until someone gives him a billion dollars and that just isn't going to happen."
(Score: 5, Interesting) by MichaelDavidCrawford on Saturday September 22 2018, @09:16AM (2 children)
I get psychotic all the time.
The reason I'm a coder at all is that I can write good code even when I'm delusional.
I realized that was the case back in 1988, when I was all alone in my building when the NAZIs started having Panzer maneuvers in the parking lot.
Looked out the window... just an empty parking lot.
Looked back at my terminal, NAZIs were in the parking lot again.
But that night's code was damn good.
Yes I Have No Bananas. [gofundme.com]
(Score: -1, Troll) by Anonymous Coward on Saturday September 22 2018, @04:49PM (1 child)
Considering your preferred method of marketing your skills is waxing quixotic and sucking cock until you land the gig, I have to wonder, don't your prospective bosses worry about how you might go psychotic and bite their dicks off?
(Score: 3, Interesting) by MichaelDavidCrawford on Monday September 24 2018, @08:43AM
I don't tell my employers until I've actually worked for them long enough that I can accurately gauge how they'll react to my informing them of my mental illness.
My experience with doing so has been overwhelmingly positive. I don't tell everyone but I do tell most of them.
Yes I Have No Bananas. [gofundme.com]