Microsoft swatted a bug in its Jet Database Engine that attackers were
exploiting.
Microsoft officials confirmed in March that attackers were using a flaw
affecting the Jet 4.0 Database Engine to target Windows users. The company
described
the attacks at the time as "very limited." Still, the patch for Jet DB will have the widest impact because it affects Windows XP, Windows
2000 and Windows 2003, said Don Leatham, director of solutions and strategy at
Lumension Security.
"When prioritizing this month's patches, this will probably get the
most attention because of the number of organizations running these systems and
programs," Leatham said in a statement.
According to Microsoft, successful exploitation of the vulnerability could
lead to a complete takeover of an affected system.
The fix was included in one of four security bulletins the company issued as
part of its May Patch Tuesday update. Three of the bulletins, including the one
for the Jet Database Engine flaw, were rated "critical."
One of the other critical bulletins addresses vulnerabilities in
Microsoft Word, while the other plugs a security hole in Microsoft
Publisher. As with the Jet Database Engine flaw, all of the vulnerabilities can
be exploited remotely by attackers to seize control of an unpatched system.
The final security bulletin is rated "moderate" and addresses two
vulnerabilities in the Microsoft Malware Protection Engine. The Malware
Protection Engine is contained in a number of programs, including Windows Live
OneCare and Microsoft Forefront Client Security.
Although the bulletin is rated moderate, Leatham urged organizations
to pay close attention if they rely on any of the products as part of
their overall security strategy.
"Whenever security tools themselves are affected—even if they have been
given moderate status—we encourage customers to treat them with increased
importance," Leatham said.
In April's Patch Tuesday, Microsoft issued fixes for
five "critical" and three "important" vulnerabilities.
Architecture 
