Researchers have found that a vulnerability in Microsoft’s Access database application could have an adverse effect on thousands of U.S. businesses if not patched. The vulnerability discovered by Mimecast’s team could lead to the accidental disclosure of sensitive information. He estimates that about 85,000 businesses are at risk. So far, however, no company is believed to have been harmed.
This memory leak is very similar to the one found in Microsoft Office last year. Access randomly saves pieces of data called memory elements to each file. Typically, this is only part of the useless content, but it can sometimes be sensitive, such as passwords or user information. For a patient hacker, this information is valuable.
“If you can hack into a computer that contains MDB files, or if they can access a large number of MDB files, hackers can conduct so-called automatic “dumpster diving” to find and collect sensitive information that resides in those files,” Mimecast said. This information can be used for any malicious purpose. “
Microsoft has released a patch to correct this issue. Mimecast encourages businesses to download and install the patch and monitor network traffic to monitor for attackers searching for potentially sensitive files.