Last year, vulnerability researchers at Mimecast Research Labs reported a security flaw in Microsoft Office products, tracked as CVE-2019-0560. Before the year ended, Microsoft received a report of CVE-2019-1463, a flaw in the Access database application.
According to the report, if the vulnerability is left unpatched, it could expose more than 80 thousand companies worldwide, mainly in the U.S., to information leaks. It is important to point out that so far there is no information confirming exploitation of this flaw in real scenarios.
Vulnerability analysis specialists report that the two flaws are similar, but what exactly does the Mimecast report mean? Both vulnerabilities arise from the application's improper handling of system memory, which leads to the unintentional leak of confidential information.
As mentioned, the vulnerability, also known as MDB Leaker, is practically the same as the one reported in January 2019. In the report, the company says: “In a lot of cases, because of the randomness in the content of the compromised memory, the involuntarily exposed data could be simply fragments of nonsense content, although this is not a rule that will work without variations”.
In some cases, data could be stored unintentionally in an MDB file, including confidential information such as passwords, certificates, web applications and user/domain information. “Put another way, a link between the memory is not inherently a vulnerability, but a real consequence of a memory loss; it is not necessary that the users of Microsoft Access check this report fully”, said the expert in vulnerability analysis.
A potential exploitation scenario for this flaw involves a malicious actor gaining access to a machine that holds MDB files. After running an automated search of the container, the attacker could gather and use confidential information stored in these files, which could then be used in later hacking activities.
So far, no exploits for this vulnerability have been found in real scenarios, although this doesn’t mean that the risk is over. If an administrator does not install the updates that correct this flaw, the system could still be a target of exploits. To reduce the risk to a minimum, vulnerability analysis specialists from the International Institute of Cyber Security (IICS) recommend the following security tips:
- Use a malware detection system to avoid infections through email and to prevent files from being leaked.
- Keep track of patch and update releases for every system and application, which reduces the window attackers have to exploit vulnerabilities.
- Monitor network traffic for connections to command-and-control services and for the leak of potentially confidential files.
- Keep the endpoint security system updated to improve threat detection.