Microsoft Access Remote Code Execution Vulnerability

Advisory No: TZCERT/SA/2020/08/27

Date of First Release: 27^th August 2020

Source: MICROSOFT

Software Affected: Microsoft Access Products

Overview:

Current Microsoft Access Products are missing security updates that can cause a remote code execution vulnerability (RCE). The vulnerability may allow an unauthenticated user to run arbitrary code in the context of current user.

Description:

This vulnerability occurs when Microsoft Access Software fails to properly handles objects in memory. And if, the current user is logged on with administrative privileges, an attacker could take control of the affected system. When an attacker takes control, could install programs or create new accounts with administrative user rights.

There several scenarios for exploiting of this vulnerability, but all requires a user to open specially crafted file with an affected version of Microsoft Access. A common one is using email as attack vector, whereas the attacker sends a specially crafted file to the target users and convince him/her to open it to be able to execute arbitrary code on the affected systems.

Impact:

Successful exploitation of the vulnerability could allow an adversary to run arbitrary code on the affected systems.

Solution:

Microsoft have not yet identified any mitigation factors or workarounds for this vulnerability; however, users of the affected systems are advised to install the following latest security updates from Microsoft.

• KB4484366
• KB4484340
• KB4484385

References:

1. https://www.tenable.com/plugins/nessus/139495
2. https://nvd.nist.gov/vuln/detail/CVE-2020-1582#vulnCurrentDescriptionTitle
3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582