Critical vulnerability in Microsoft Access database affects businesses and users

Last year, vulnerability testing researchers at Mimecast Research Labs reported a security flaw in Microsoft Office products, tracked as CVE-2019-0560. Before the end of last year, Microsoft received the report of CVE-2019-1463, a new flaw in the Access database application.

According to the report, if the vulnerability is not corrected, it could expose more than 80,000 companies worldwide, mainly in the US, to confidential information leak incidents. It should be noted that so far there is no information confirming the exploitation of this security flaw in the wild.

Vulnerability testing specialists report that the two flaws are similar. According to the Mimecast report, both vulnerabilities arise from improper management of system memory by an application, which leads to an unintentional leak of sensitive information.

As mentioned, the vulnerability, also known as MDB Leaker, is virtually identical to that reported in January 2019. In the report, the company mentions: “In many cases, because of the randomness of the content in the compromised memory, the data exposed inadvertently could simply be pieces of meaningless content, although this is not a rule that will be fulfilled without variations”.

In some cases, sensitive information such as passwords, certificates, web requests, and domain/user information may be unintentionally stored in the MDB file. “On the other hand, a memory leak is not inherently a vulnerability, but is a real consequence of memory loss; Microsoft Access users need to review this full report,” vulnerability testing experts mention.

A potential exploitation scenario involves a threat actor gaining access to a machine that holds MDB files. After performing an automatic search on the container, the attacker could find and collect sensitive information stored in these files, which could be used in subsequent hacking activities.

So far no exploits for this vulnerability have been found in the wild, although this does not mean that the risk has been overcome. If an administrator passes over the update that fixes this flaw, they could still fall victim to exploitation. To minimize risks, vulnerability testing specialists at the International Institute for Cyber Security (IICS) recommend following the security tips listed below:

  • Use an advanced malware detection system to block infections delivered via email and prevent file leakage
  • Monitor the release of patches and updates for any system or application, reducing the time attackers have to exploit vulnerabilities
  • Monitor network traffic for connections to likely command and control services and for leaks of potentially sensitive files
  • Continuously update the endpoint security system to fine-tune threat detection