Microsoft made an announcement stating that an unpatched vulnerability in the MS word program is being subjugated in the wild. Not one, but all versions of MS Word used on Windows and Macs and several other linked programs like Word Automation Services, Word Viewer and Microsoft SharePoint Server too are vulnerable. But, presently MS Word 2010 is the central target. Exploits which are like these are version-centric and the attacker behind this is already aware about the version which must be exploited.
In case a user sets Word as the Outlook viewer, then the latter too might be exploited by RTF Files, as suggested by Microsoft. If considering the default configuration, MS Word is the viewer in Outlook versions 2007, 2010 and 2013.
Microsoft after this released an article about “Fix it” which will work around the problem resolution by disabling support for RTF. Users who rely on Word for RTF files must be the ones most affected by this.
Meanwhile, when asked that whether WordPad too shares the same shortcoming, Microsoft did not give a definite answer about the same being vulnerable to this zero day flaw, recently discovered in MS Word.
WordPad, which was previously known as Windows Write, has not been cleared from this doubt of being vulnerable to the similar zero day bug as seen with Word.
This “maybe” has created a score of questions among users, who now expect that whether WordPad too is vulnerable, then it’s likely for Microsoft to soon release an updated security bulletin, addressing the issue.
Any successful exploit in MS Word can render an attacker control for the privileges of the user running this program. Thus, running with standard user privileges can decrease the damage manifolds. Microsoft even said that their EMET aka Enhanced Mitigation Experience Toolkit can help in lessening this vulnerability, significantly.
This security vulnerability of Word was reported by Microsoft by Shane Huntley, Drew Hintz and Matty Pellegrino working with the Security Team at Google.
The author is an experienced Microsoft support specialist who works at SupportMart. The company is a leading name in this scenario known to offer reliable Microsoft Tech Support that can be availed anytime and any day with just one call at the Microsoft technical Support number 1 800 793 7521 toll free.