A security researcher has publicly disclosed a 0Day that affects all supported versions of Microsoft's operating system.
The Windows vulnerability, which also affects server versions, was publicly disclosed when the company failed to fix the bug within 120 days.
0Day was discovered by Lucas Leong of the Trend Micro Security research team, and is found in Microsoft Jet Database Engine. The vulnerability could allow an attacker to remotely run malicious code on any vulnerable Windows computer.
Microsoft's Jet Database Engine or simply JET (from Joint Engine Technology) is a database engine that is built into many Microsoft products, including Microsoft Access and Visual Basic.
According to the a statement issued by the Zero Day Initiative (ZDI), the vulnerability is due to a pointer management issue in the Jet Database Engine that, if successfully exploited, can cause out-bounds memory write, and remote code execution.
The attacker would have to convince the target to open a specially crafted JET database file to exploit the vulnerability and remotely execute the malicious code on the target computer.
According to ZDI researchers, the vulnerability exists in all supported versions of Windows, namely Windows 10, Windows 8.1, Windows 7 and Windows Server Edition 2008 to 2016.
ZDI reported the vulnerability to Microsoft on May 8 and the company confirmed the bug on May 14, but failed to fix the vulnerability and release a patch within the 120-day deadline. So ZDI to publicly released the details of the vulnerability.
You were also published by Trend Micro in a GitHub page

.
Microsoft is reportedly developing an update for the vulnerability and since it wasn't in Patch Tuesday in September, we'll probably see it in the October updates.
Trend Micro recommends that Windows users do not open files from untrusted sources.
______________________