latest updates from easySERVICE™
Microsoft has updated their recent security advisory for Microsoft Word to indicate that Windows WordPad is not vulnerable to the same issue. Accordingly it can be used as a safe workaround for reading and editing RTF documents.
The vulnerability is a remote code execution vulnerability which allows an attacker to gain control of the system when a user opens a malicious RTF file in Microsoft Word. All versions of Microsoft Word are vulnerable to the attack. Microsoft has also announced that they “…are aware of limited, targeted attacks directed at Microsoft Word 2010.” They have not announced when a fix for the vulnerability will be released, or whether it will arrive on a regularly scheduled Patch Tuesday or “out of band”.
Note that Tuesday, April 8 will be the last scheduled patch day for Office 2003, which is among the affected products. We have asked Microsoft whether, if a fix is not complete before April 8, one for Word 2003 might still be released after that date. [Thanks to F-Secure’s Sean Sullivan for the tip.]
Microsoft has also released a “Fix it” which disables support for RTF files. Until a fix is available, Windows users can change the default handler for RTF files to WordPad.
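To confirm that the handler change has taken effect on a machine, the effective .rtf association can be read back from the registry. The following PowerShell is an added example, not part of the original article or of Microsoft's advisory; the function name `Get-RtfHandler` is hypothetical, and it assumes the standard Windows association keys and that the handler is launched through the `open` verb.

```powershell
# Added example: report which program the current user's .rtf association resolves to.
function Get-RtfHandler {
    $ext = '.rtf'
    $progId = $null
    $source = $null

    # A per-user choice made through "Open with" or Default Programs
    # takes precedence over the class-level mapping.
    $userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    if (Test-Path -LiteralPath $userChoice) {
        $progId = (Get-ItemProperty -LiteralPath $userChoice).ProgId
        $source = 'UserChoice (per user)'
    }

    # Otherwise fall back to the default value of HKEY_CLASSES_ROOT\.rtf.
    if (-not $progId) {
        $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
        $progId = (Get-ItemProperty -LiteralPath $extKey -ErrorAction SilentlyContinue).'(default)'
        $source = 'HKEY_CLASSES_ROOT'
    }

    # Resolve the ProgID to the command line of its "open" verb (assumption: open is the verb used).
    $command = $null
    if ($progId) {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        $command = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    }

    # Classify by executable name; anything else is reported for manual review.
    if     ($command -match 'wordpad\.exe') { $handler = 'WordPad' }
    elseif ($command -match 'winword\.exe') { $handler = 'Microsoft Word' }
    elseif ($command)                       { $handler = 'Other' }
    else                                    { $handler = 'Unresolved' }

    New-Object PSObject -Property @{
        Extension = $ext
        Source    = $source
        ProgId    = $progId
        Command   = $command
        Handler   = $handler
    }
}

Get-RtfHandler | Format-List Extension, Source, ProgId, Command, Handler
```

A `Handler` of `Microsoft Word` means double-clicking an .rtf file still opens it in Word for that user; `Other` or `Unresolved` means the command line should be inspected by hand.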
Source: Associated Press