Researchers have discovered a flaw in Microsoft’s Access database application that, if left unpatched, could impact thousands of U.S. businesses.
The flaw, discovered by the team at Mimecast, could lead to the unintended disclosure of sensitive information. Mimecast estimates some 85,000 businesses are at risk. So far, however, it does not believe any companies have been compromised.
The memory leak is very similar to one that was found in Microsoft Office last year. The application will randomly save pieces of data called memory elements into every file. Normally, this is just a fragment of useless content, but it could, on occasion be something sensitive, such as passwords or user information.
And for a patient hacker, that could be valuable information.
“If a malicious actor was able to get on a machine which contained MDB files or could get ahold of large drops of MDB files, the actor could conduct an automated ‘dumpster diving’ hunt through all of them to look for and collect sensitive information residing in these files that could be applied in any number of malicious uses,” said Mimecast.
Microsoft has issued a patch to correct the issue. Mimecast is encouraging businesses to download and install the fix – and keep and eye on network traffic to monitor for attackers hunting for potentially sensitive files.
More must-read stories from Fortune:
—7 companies founded in the last 10 years that you now can’t live without
—Electronic health records are creating a ‘new era’ of health care fraud
—Apple, Amazon, and Google want to create a smart home standard
—What a $1,000 investment in 10 top stocks a decade ago would be worth today
—Amazon is on a collision course with employee activists outraged by the climate crisis
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.