JET is one of Microsoft’s first database engines, created in the 90’s, used to power a variety of Microsoft applications like: Microsoft Project, Visual Basic, an Access. It has since been phased out by newer technologies, but is still included in Window’s package for sentimental reasons.

Zero-Day

The vulnerability had reached zero- day at the time of it’s announcement. Once a Microsoft encounters a vulnerability there is a 120 day window to complete a patch, failure would require a public announcement, known as zero day. This vulnerability has been declared public so users can take cautionary action and look to protect themselves from possible attacks. It has been rated as “2 – Exploitation Less Likely”, as a hacker could exploit the opening by altering data within the database.

An attacker would target a user by sending an email with a clickable link/ attachment that would allow access to the database. The link would be a specific JET Microsoft Database file that would require opening or importing the linked data. With access to the database the hacker would be able to alter or delete data.

How to Protect Yourself

As reported on earlier, don’t open links from emails sent from unknown sources. It is unclear if Microsoft will work to patch the vulnerability.