Microsoft MDAC Vulnerability Analysis

Verified

Added on 2019/09/19

AI Summary

A vulnerability was discovered in the Microsoft Data Access Components (MDAC) in the first quarter of 2006. The vulnerability allowed remote attackers to execute code remotely and gain access to the computer. Microsoft designated this vulnerability as critical and immediately started working on a solution. The affected systems include Windows 98, Millennium Edition, Windows XP, Windows 2000, and Windows Server 2003. The exploitation scenario involves an attacker hosting a website with a web page infected with the vulnerability, using social engineering tactics to lure users to the site. Mitigation strategies include configuring Internet Explorer's Enhanced Security Configuration, disabling automatic detection of intranet sites, and installing antivirus software. Remediation includes installing Microsoft updates and running the Microsoft Baseline Security Analyzer.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Table of Contents
Executive Summary..................................................................................................................1
Technical description................................................................................................................1
Attack Vector........................................................................................................................1
Mitigation..............................................................................................................................2
Remediation..........................................................................................................................3
Exploitation Scenario...........................................................................................................3
Executive Summary
A vulnerability was discovered in the first quarter of 2006. The vulnerability was found in the
Microsoft Data Access Components or MDAC. This vulnerability was privately reported to
Microsoft and much of the details surrounding it did not see much publication surrounding it.
Microsoft designated this vulnerability as critical and immediately started working on the
solution. The vulnerability allows an attacker to execute code remotely and gain access to the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

computer [1]. This paper talks about the vulnerability and then proceeds to talk about the
Attack Vector. The exploitation scenario will be detailed and will then talk about mitigating
the vulnerability as well as possible remediation techniques.
Technical description
Attack Vector
This vulnerability existed in the Microsoft Data Access Components or MDAC that allowed
remote attackers to execute code remotely. The affected systems include Microsoft 98,
Millennium Edition, Microsoft XP, 2000 as well as Windows Server 2003. However,
Microsoft rated impact severity of Windows Server 2003 as ‘moderate’ instead of ‘critical’
compared to others [5]. In poorly written application that supports MDAC, it would allow
attackers to execute code remotely and exploit this vulnerability fully. If a user is logged in
with Administrator rights in these operating systems, then an attacker who exploited this
vulnerability successfully would completely be able to take control of the system. He could
install programs, change or view data or even delete data and create other accounts among
with a host of other activities [2]. Users whose accounts are configured with less rights may
be less affected than with users with more rights.
Mitigation
The following mitigation factors could be utilized by a user who is at the risk of being
affected by this vulnerability :
 Internet Explorer Enhanced Security Configuration reduces the risk of this
vulnerability significantly. In order to accomplish this, one needs to follow the
following steps :
o Setting the security level of Internet zone to ‘High’. This setting disables
ActiveX, Microsoft Java VM and other scripts as well as file downloads.
o Disabling automatic detection of Intranet sites. In this case, all the intranet
sites that are not explicitly listed in a separate local zone are marked as
Internet zone sites.
o Disable Non-Microsoft browser extensions as well as on-demand browser
extensions. It also prevents web pages to automatically installing components.
o Lastly, the Multimedia content can also be disabled to further prevent this
vulnerability from happening [3].

 Restrict oneself from visiting unknown websites and unfamiliar websites as the
vulnerability can be placed in infected websites which a user could knowingly click
and download.
 Configuring the user to have as limited access to the system as possible. This is also a
known strategy to mitigate the vulnerability.
 Installing an Antivirus solution that pre-scans the website before delivering to the
end-user and thereby blocking any sites that are deemed harmful or has the said
vulnerability.
Remediation
 Installing the Microsoft update based on the respective system as soon as it’s made
available. (Typically auto-installed, if the updates are set to install automatically).
 Running Microsoft Baseline Security Analyzer to check for any known vulnerabilities
or security mis-configuration.
 Enabling ‘Enhanced Security Configuration’ in Internet Explorer and also disabling
ActiveX controls.
 By making sure an Antivirus such as Microsoft Security Essentials / Defender and
Windows Firewall are configured, receiving updates and currently active.
 By restricting one-self from visiting unknown websites and unfamiliar websites as the
vulnerability can be placed in infected websites which a user could knowingly click
and download [4].
Exploitation Scenario
1. In a Web-based scenario, the attacker would host a website that would contain a web-
page infected with this known vulnerability
2. Attacker would have no way of forcing the user and hence has to make use of social
engineering tactics for luring the users to the website.
3. The infected web-page would typically be loaded after following a link placed in
Email, Document or another website on the internet.
4. The attacker could then further infect a file with the malicious content and would lure
the user with for example a banner advertisements to deliver the infected file to the
user’s computer.

5. As soon as the user clicks on the file and downloads it, the attacker would be able to
gain the same rights to the system as that of the user. If the user is an admin, then
system could be compromised greatly by the attacker.
References
[1]"Exploit", Exploit-db.com, 2018. [Online]. Available:
https://www.exploit-db.com/exploits/2052/. [Accessed: 22- Apr- 2018].
[2]"(MS06-014) VULNERABILITY IN THE MICROSOFT DATA ACCESS
COMPONENTS (MDAC) FUNCTION COULD ALLOW CODE EXECUTION
(911562) - Threat Encyclopedia - Trend Micro US", Trendmicro.com, 2018. [Online].
Available: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-
advisories/(ms06-014)%20vulnerability%20in%20the%20microsoft%20data%20access
%20components%20(mdac)%20function%20could%20allow%20code%20execution
%20(911562). [Accessed: 22- Apr- 2018].
[3]Support.microsoft.com, 2018. [Online]. Available:
https://support.microsoft.com/en-in/help/911562/ms06-014-vulnerability-in-microsoft-
data-access-components-mdac-functi. [Accessed: 22- Apr- 2018].
[4]"JS/MS06014.JAV!exploit | Virus", FortiGuard, 2018. [Online]. Available:
https://fortiguard.com/encyclopedia/virus/787701/js-ms06014-jav-exploit. [Accessed:
22- Apr- 2018].
[1]"(MS06-014) VULNERABILITY IN THE MICROSOFT DATA ACCESS
COMPONENTS (MDAC) FUNCTION COULD ALLOW CODE EXECUTION (911562) -
Threat Encyclopedia - Trend Micro US", Trendmicro.com, 2018. [Online]. Available:
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms06-
014)%20vulnerability%20in%20the%20microsoft%20data%20access%20components
%20(mdac)%20function%20could%20allow%20code%20execution%20(911562).
[Accessed: 23- Apr- 2018].

1 out of 4

+13062052269

info@desklib.com

Microsoft MDAC Vulnerability Analysis

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Vulnerability in Microsoft Data Access Components (MDAC)

Vulnerability in .NET Framework

Windows RPC Elevation of Privilege Vulnerability

CRYPTOGRAPHY AND SECURITY VULNERABILITIES OF SYSTEMS

EternalBlue Vulnerability Analysis

Exploiting the Eternal Blue Vulnerability (CVE-2017-0144) in SMB