Mimecast Research Labs has discovered that data is leaking from Microsoft’s Office Access, the second such coding error it has found.
The exposure -- which was revealed due to a system false positive -- has been active since 2002, and is similar to an issue found in January 2019, Mimecast reports. Microsoft has patched the vulnerability following discovery, Mimecast adds.
The vulnerability, CVE-2019-1463 or “MDB Leaker,” could expose sensitive data from 85,000 companies -- mostly in the U.S. -- if left unpatched, the company asserts. Mimecast rates the vulnerability as “important.”
Data saved in the firm’s MDB file extension might include passwords, domain information and web requests.
Mimecast says a bad actor who gains access to a machine with MDB files can conduct an automated “dumpster dive” to collect data for malicious purposes.