Microsoft Access Remote Code Execution Vulnerability

Imechapishwa: Aug 27, 2020 10:08

Advisory No:

Source:

Software Affected:

Overview

Current Microsoft Access Products are missing security updates that can cause a remote code execution vulnerability (RCE). The vulnerability may allow an unauthenticated user to run arbitrary code in the context of current user.

Description

Advisory No: TZCERT/SA/2020/08/27 Date of First Release: 27th August 2020 Source: MICROSOFT Software Affected: Microsoft Access Products Overview: Current Microsoft Access Products are missing security updates that can cause a remote code execution vulnerability (RCE). The vulnerability may allow an unauthenticated user to run arbitrary code in the context of current user. Description: This vulnerability occurs when Microsoft Access Software fails to properly handles objects in memory. And if, the current user is logged on with administrative privileges, an attacker could take control of the affected system. When an attacker takes control, could install programs or create new accounts with administrative user rights. There several scenarios for exploiting of this vulnerability, but all requires a user to open specially crafted file with an affected version of Microsoft Access. A common one is using email as attack vector, whereas the attacker sends a specially crafted file to the target users and convince him/her to open it to be able to execute arbitrary code on the affected systems. Impact: Successful exploitation of the vulnerability could allow an adversary to run arbitrary code on the affected systems. Solution: Microsoft have not yet identified any mitigation factors or workarounds for this vulnerability; however, users of the affected systems are advised to install the following latest security updates from Microsoft.

References:
  1. https://www.tenable.com/plugins/nessus/139495
  2. https://nvd.nist.gov/vuln/detail/CVE-2020-1582#vulnCurrentDescriptionTitle
  3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582

Impact

Successful exploitation of the vulnerability could allow an adversary to run arbitrary code on the affected systems.

Solution

Microsoft have not yet identified any mitigation factors or workarounds for this vulnerability; however, users of the affected systems are advised to install the following latest security updates from Microsoft. KB4484366 KB4484340 KB4484385

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Ripoti Tukio