The “father” of global viruses is actively exploiting a security vulnerability in the Microsoft Jet Database Engine of the Windows operating system – a flaw that has been neglected and unpatched for the past five months since Microsoft first received notification.
Security experts have classified the vulnerability in the Microsoft Jet Database Engine – an application commonly used in software such as Microsoft Office 2000, Office 2003, Access 2000, and Access 2003 – as “extremely dangerous,” yet Microsoft seems to have forgotten about this issue. To exploit this vulnerability, various types of viruses typically use spoofed Microsoft Access files to infiltrate victims’ computers.
In March, Microsoft received notifications regarding this security vulnerability along with warnings that hackers could fully exploit it to gain control over users’ computers. However, Microsoft has yet to publicly acknowledge the flaw in the Jet Database Engine, despite being aware that systems using Microsoft Access 2003 and Microsoft Windows XP – including Windows XP SP2 – are affected by this vulnerability.
According to warnings from security firm Symantec, only the Backdoor.Hesive Trojan has so far targeted this vulnerability. The firm assesses the potential for Hesive’s spread as low but still cautions about the potential damage this type of Trojan could cause.
Users of Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, and Windows Server 2003 are all within the impact range of Hesive.
Once it infiltrates a victim’s computer, this Trojan will open a backdoor allowing hackers to remotely take control of the user’s computer. Such attacks are typically aimed at laying the groundwork for creating “zombie PCs” to facilitate spam or distribute malicious software.
Microsoft has not yet provided any official response regarding this issue.
HVD – (eWeek)
