US-CERT: Attackers targeting Access files

US-CERT is warning that attackers are exploiting a flaw in Microsoft Access.

Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the United States Computer Emergency Readiness Team (US-CERT) warned Monday.

In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is "aware of active exploitation" of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.

These files are "designed for the sole purpose of executing commands," so they should not be accepted from untrusted sources, Microsoft said in a note on its Web site.

Run by the U.S. Department of Defense, US-CERT is charged with coordinating the nation's response to cyberattacks.

Companies typically block the use of .mdb files, but criminals could be using this attack in a targeted strike against an organization that is known to use this particular file-type, said Ben Greenbaum, senior manager for Symantec security response. Symantec itself has seen no evidence of the .mdb exploitation that prompted the US-CERT alert.

The files are not something that the average user would come across on a daily basis, he added. ".Mdb files are blocked by default in most installations of Internet Explorer and Outlook Express," he said. "I am a bit surprised to see active exploitation happening over this vector."

While US-CERT did not say which flaw was being exploited, Greenbaum said the vulnerability could be a recently discovered buffer overflow bug in the Microsoft Jet DataBase engine used to parse Access files.

Join the newsletter!

Error: Please check your email address.

More about CERT AustraliaMicrosoftSecurityFocusSymantec

Show Comments

Market Place