Technology News

latest updates from easySERVICE™

MS Word zero day does not affect WordPad


Microsoft has updated their recent security advisory for Microsoft Word to indicate that Windows WordPad is not vulnerable to the same issue. Accordingly it can be used as a safe workaround for reading and editing RTF documents.

The vulnerability is a remote code execution vulnerability which allows an attacker to gain control of the system when a user opens a malicious RTF file in Microsoft Word. All versions of Microsoft Word are vulnerable to the attack. Microsoft had also announced that they “…are aware of limited, targeted attacks directed at Microsoft Word 2010.” They have not announced when a fix will be released for the vulnerability or if it will be on a regularly-scheduled Patch Tuesday or “out of band”.

Note that Tuesday, April 8 will be the last scheduled patch day for Office 2003, which is among the affected products. We have asked Microsoft whether it is possible, if it is not complete before April 8, that a fix for Word 2003 might be released after that date. [Thanks to F-Secure’s Sean Sullivan for the tip.]

Microsoft had also released a “Fix it” which disables support for RTF files. Until a fix is available, Windows users can change the default handler for RTF files to WordPad.

Source: Associated Press


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


This entry was posted on March 27, 2014 by in Microsoft and tagged , , , , .
%d bloggers like this: