Microsoft fails to plug WordPad exploit

Microsoft - investigating
Microsoft - investigating

Microsoft's major patch this week apparently failed to close two zero-day vulnerabilities in older operating systems – although those running Vista and XP with SP3 are not at risk.

Despite the patch bringing 28 fixes, there are still widely reported problems with Internet Explorer and WordPad.

The problem will only affect those people running Windows XP service pack 2, Server 2003 and older operating systems such as Windows 2000.

Text converter

Microsoft has blogged about the problem with WordPad – which affects the wordpad text converter for Word 97.

"Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2," said the blog

"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited."

The blog also warns that the vulnerability could let the attacker gain the same rights as the user – which obviously would not bode well if you have admin access.

Patrick Goss

Patrick Goss is the ex-Editor in Chief of TechRadar. Patrick was a passionate and experienced journalist, and he has been lucky enough to work on some of the finest online properties on the planet, building audiences everywhere and establishing himself at the forefront of digital content.  After a long stint as the boss at TechRadar, Patrick has now moved on to a role with Apple, where he is the Managing Editor for the App Store in the UK.