Third-Party Patch Available for Microsoft JET Database Zero-Day

[silversurfer]

An unofficial patch is already available for the unpatched Microsoft JET Database Engine vulnerability that Trend Micro's Zero Day Initiative (ZDI) made public last week.

Now, 0patch, a community project focused on resolving software vulnerabilities by delivering tiny fixes to users worldwide, says they were able to devise a patch for the bug less than a day after ZDI went public with their findings.

In a blog post detailing the fix, ACROS Security CEO Mitja Kolsek explains that, with JET only working on 32-bit systems, the proof-of-concept (PoC) code provided by ZDI would cause an error message on 64-bit systems, unless launched with wscript.exe.

Source: https://www.securityweek.com/third-party...e-zero-day