25 September 18, 18:01
Quote:An unofficial patch is already available for the unpatched Microsoft JET Database Engine vulnerability that Trend Micro's Zero Day Initiative (ZDI) made public last week.
Now, 0patch, a community project focused on resolving software vulnerabilities by delivering tiny fixes to users worldwide, says they were able to devise a patch for the bug less than a day after ZDI went public with their findings.
In a blog post detailing the fix, ACROS Security CEO Mitja Kolsek explains that, with JET only working on 32-bit systems, the proof-of-concept (PoC) code provided by ZDI would cause an error message on 64-bit systems, unless launched with wscript.exe.
Source: https://www.securityweek.com/third-party...e-zero-day