JET engine flaws can crash IIS and SQL server say Palo Alto researchers

6 May 2021

A trio of researchers from Palo Alto Networks has detailed vulnerabilities in the JET Engine database present on millions of Windows machines and demonstrated how they can be used to attack SQL server and Microsoft’s Internet Information Server as if attackers had the ability to execute code on the systems and said Microsoft has dismissed some of their findings as not worthy of a fix. In a talk today at Black Hat Asia titled “Give Me a SQL Injection, I Shall PWN IIS and SQL Server”, the three explained that they’ve found the JET database engine – for years supplied as the underlying tech for Microsoft Access and still downloadable today – has many vulnerabilities.

Read full article on The Register

Date:

6 May 2021

Categorie(s):

NEWS

Tag(s):

Databases, IIS, IT, Palo Alto, SQL

Android Malware Brokewell With Complete Device Takeover Capabilities29 April 2024
Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware29 April 2024
Prompt Fuzzer: Open-source tool for strengthening GenAI apps29 April 2024
How insider threats can cause serious security breaches29 April 2024
Closing the cybersecurity skills gap with upskilling programs29 April 2024