WordPad (Yes, WordPad) Had A Security Vulnerability

I’m willing to bet the only time most people use Windows’ ultra-basic word processor WordPad is if they have to open a document on their machine before Office has been installed. But WordPad is on every Windows system, and it turns out that a vulnerability that was patched in this week’s Patch Tuesday update exploited it.

As Microsoft explains:

The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This would be a difficult vulnerability to exploit, since it requires someone to accept a specially-configured file and for them to open it in WordPad. It also may fail if the user doesn’t have administrator rights. Nonetheless, it’s a reminder that apps bundled with the OS bring a security risk no matter how convenient they might seem.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


One response to “WordPad (Yes, WordPad) Had A Security Vulnerability”