A new micropatch is available through the 0patch platform for the CVE-2018-8423 vulnerability in Microsoft's JET Database Engine unveiled by Trend Micro's ZDI in their September 20 advisory.
ACROS Security, the company behind the free 0patch micropatch distribution platform, issued an extra 18 bytes micropatch to correct the incomplete fix of CVE-2018-8423 released by Microsoft with their October 2018 Monthly Update.
0patch's microscopic 18 bytes micropatch corrects Microsoft's partial solution for the vulnerable msrd3x40.dll binary which would expose previously micro patched systems to attacks targeting the CVE-2018-8423 vulnerability.
As described in
0patch's blog post, the October update issued by Microsoft also re-opened the CVE-2018-8423 vulnerability for 0patch users, rendering the previous micropatch partially ineffective.
"At this point, we will only state that we found the official fix to be slightly different to our micropatch, and unfortunately in a way that only limited the vulnerability instead of eliminating it," said Mitja Kolsek, ACROS Security CEO. "We promptly notified Microsoft about it and will not reveal further details or proof-of-concept until they issue a correct fix."
