Please, don't do it like that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
That may cure your problem on it's own, but in addition "USER" is an SQL and ACCESS reserved word, so you shouldn't be using it as a column name. If you do, you should excape it with swaure brackets:
OleDbCommand update = new OleDbCommand("UPDATE users SET [user] = ...
But seriously, use parametrized queries, or your best mate will delete your database just to see the look on your face...