Patched Microsoft Access ‘MDB Leaker’ (CVE-2019-1463) Exposes Sensitive Data in Database Files

Researchers uncovered an information disclosure vulnerability in Microsoft Access (designated CVE-2019-1463) that occurs when the software fails to properly handle objects in memory. As a result, sensitive data still resident in system memory could be unintentionally written into database files, particularly Microsoft Access MDB files.

The vulnerability, dubbed “MDB Leaker” by Mimecast Research Labs, is similar to a patched information disclosure bug in Microsoft Office (CVE-2019-0560) found in January 2019. The flaw, present since 2002, was uncovered through a false positive report on a Microsoft Access file, specifically an MDB file: the researchers found code fragments in what was supposed to be a data-only file type.
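The leak mechanism described in the two paragraphs above, as an added illustration that is not Access's code and does not reproduce the real MDB page layout: a fixed-size output page is built in a buffer reused across records, and the unused tail carries bytes left by an earlier record into the file. The page size, the 2-byte length header and the record contents are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE 64   /* constructed page size, not the real MDB page size */
#define HDR_SIZE  2    /* constructed 2-byte big-endian record length header */

static unsigned char g_page[PAGE_SIZE];  /* output buffer reused across records */
/* Vulnerable pattern: copies the record after the header but never clears the
 * tail, so whatever an earlier record left there is written out with the page. */
size_t build_page_leaky(const char *rec, size_t len, unsigned char *out) {
    if (len > PAGE_SIZE - HDR_SIZE) len = PAGE_SIZE - HDR_SIZE;
    g_page[0] = (unsigned char)(len >> 8);
    g_page[1] = (unsigned char)(len & 0xff);
    memcpy(g_page + HDR_SIZE, rec, len);
    memcpy(out, g_page, PAGE_SIZE);
    return len;
}

/* Hardened pattern: zero the whole page before building it, so the padding
 * beyond the record contains no stale process memory. */
size_t build_page_fixed(const char *rec, size_t len, unsigned char *out) {
    memset(g_page, 0, PAGE_SIZE);
    return build_page_leaky(rec, len, out);
}

/* Defender's check on a page read from disk: every byte after the record should
 * be zero; each non-zero byte there is content that leaked from memory. */
size_t count_stale_padding(const unsigned char *page) {
    size_t len = ((size_t)page[0] << 8) | page[1], stale = 0;
    for (size_t i = HDR_SIZE + len; i < PAGE_SIZE; i++)
        if (page[i] != 0) stale++;
    return stale;
}

/* Scenario: a record holding a credential is written, then a short one through
 * the same buffer. Returns how many stale bytes the second page carries. */
int demo_leak(int fixed) {
    unsigned char out[PAGE_SIZE];
    const char *first  = "user=admin;password=hunter2;cert=MIIB...";  /* constructed */
    const char *second = "id=7";
    size_t (*build)(const char *, size_t, unsigned char *) = fixed ? build_page_fixed : build_page_leaky;
    build(first, strlen(first), out);
    build(second, strlen(second), out);
    return (int)count_stale_padding(out);
}

int main(void) {
    printf("stale padding bytes: leaky=%d fixed=%d\n", demo_leak(0), demo_leak(1));
    return 0;
}
```

The leaky build writes 36 bytes of the earlier credential record into the padding of the 4-byte record's page, which is exactly the kind of unexpected content that caused the false positive on an MDB file; the zeroed build writes none.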

The researchers then determined that the application improperly manages system memory, a reproducible error that affects multiple Office versions, including 2010, 2013, 2016, 2019, and 365 ProPlus. Microsoft issued a patch for the vulnerability in its December 2019 Patch Tuesday security bulletin.

If left unpatched, MDB Leaker could expose sensitive data from 85,000 organizations, primarily in the U.S. Although which data leaks through the vulnerability is random, it can include sensitive information such as certificates, domain information, passwords, user data, and web requests.

An attacker who successfully gains access to a machine with this vulnerability could facilitate an automated process for searching and collecting data in MDB files for various malicious purposes.

There have been no MDB Leaker exploits seen in the wild so far, but the risks should be mitigated. IT admins should immediately apply the fix for this flaw, as they could be targets for exploitation. To minimize the risks, the following measures are also recommended:

  • Adopt multilayered security solutions that proactively detect threats and prevent data leakage
  • Monitor network traffic for suspicious activities like command and control (C&C) connections that harvest sensitive files
  • Regularly update systems and applications and employ virtual patching to reduce the risk of attackers exploiting vulnerabilities