13 October 18, 10:41
Quote:According to Acros Security CEO Mitja Kolsek, Microsoft's solution is not complete, and it only limits the vulnerability instead of eliminating it.
He claims the discovery of the problem after comparing Microsoft's method to deal with it and the initial micropatch his company provided. Kolsek says that Microsoft has been notified about the bad repair and he will keep the details about the issue under wraps until the release of a proper correction.
"We have, however, issued a micropatch that corrects Microsoft's patch. Namely, in an ironical twist of fate, Microsoft's October update actually re-opened the CVE-2018-8423 vulnerability for 0patch users who were previously protected by our micropatch," Kolsek writes in a blog post today.
He explains that the new in-memory fix applies to the latest revision of the 'msrd3x40.dll' binary, which is the vulnerable component in Windows JET Engine that Microsoft updated from version 4.0.9801.0 to 4.0.9801.5 in its attempt to remove the security bug.
Source: https://www.bleepingcomputer.com/news/se...available/
![[-]](https://www.geeks.fyi/images/collapse.png)
