Determining Microsoft Jet Database Engine vulnerability

Do we need to worry about the recently disclosed vulnerability in the Microsoft Jet Database Engine if we have Windows XP Service Pack 3 installed?

Microsoft Security Bulletin MS08-028 is rated Critical for the Microsoft Jet 4.0 Database Engine, but XP SP3 is listed in the Non-Affected Software section of the bulletin so you should be safe from this vulnerability on machines with XP SP3 installed. Other versions of Windows listed as not affected include Windows Server 2003 SP2, Vista and Vista SP1, and Windows Server 2008. Users running older versions of Windows need to install the associated security update to address this vulnerability. The vulnerability in the Jet Database Engine can be exploited to install and execute programs and code remotely. The security update changes the way the Jet Database Engine parses data within a database to address the vulnerability. This flaw is not limited to users specifically using Microsoft Access databases; it can be used to attack any unpatched Windows PC system running Microsoft Office. Microsoft recommends installing the update for Microsoft Security Bulletin MS08-026,  which plugs a hole allowing remote attackers to use a vulnerability in Microsoft Word to load and execute code remotely if a user opens a "specially crafted" Word file (a Word file that has been tampered with by hackers). All Microsoft Office users, both PC and Mac, should install this patch to block attacks from these "specially crafted" Word files. Keeping up with your operating system updates and Microsoft Office updates is a best practice you should encourage, if not force, all your system users to adhere to.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Do we need to worry about the recently disclosed vulnerability in the Microsoft Jet Database Engine if we have Windows XP Service Pack 3 installed?

Microsoft Security Bulletin MS08-028 is rated Critical for the Microsoft Jet 4.0 Database Engine, but XP SP3 is listed in the Non-Affected Software section of the bulletin so you should be safe from this vulnerability on machines with XP SP3 installed. Other versions of Windows listed as not affected include Windows Server 2003 SP2, Vista and Vista SP1, and Windows Server 2008. Users running older versions of Windows need to install the associated security update to address this vulnerability. The vulnerability in the Jet Database Engine can be exploited to install and execute programs and code remotely. The security update changes the way the Jet Database Engine parses data within a database to address the vulnerability. This flaw is not limited to users specifically using Microsoft Access databases; it can be used to attack any unpatched Windows PC system running Microsoft Office. Microsoft recommends installing the update for Microsoft Security Bulletin MS08-026,  which plugs a hole allowing remote attackers to use a vulnerability in Microsoft Word to load and execute code remotely if a user opens a "specially crafted" Word file (a Word file that has been tampered with by hackers). All Microsoft Office users, both PC and Mac, should install this patch to block attacks from these "specially crafted" Word files. Keeping up with your operating system updates and Microsoft Office updates is a best practice you should encourage, if not force, all your system users to adhere to.

Read more about security in Network World's Security section.