Windows WordPad has a major security hole

As this is the second Tuesday of the month, otherwise known as Patch Tuesday, there is a security update available for Windows that fixes dozens of flaws. One of them is a critical vulnerability in WordPad and Office that could allow a remote attacker to install malware on your machine.

"A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft explains.

What's also interesting here is that you won't find that tidbit in a security bulletin, as would have been the case for every Patch Tuesday prior to today. That's because Microsoft has introduced a new format for these updates in which it now provides details about its patch through its "Security Update Guide."

Not everyone is a fan of the new format. The Register complains that the new system "merely obfuscates discovered vulnerabilities and fixes," and calls it "cowardly" on Microsoft's part to bury critical fixes in the new format, including the WordPad patch. Likewise, Zero Day Initiative called it "confusing."

Our take is that it's...different. It takes a bit of digging/clicking to see which flaws are critical, and that's certainly annoying, but the information is still there.

In this case, the Patch Tuesday update contains a laundry list of CVEs in Edge, Internet Explorer, Windows, Office, Visual Studio for Mac, Silverlight, and .NET Framework. If you want to view which ones are marked as Critical, go here and click the Severity checkbox at the top, then click the new Severity column.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).
