14 DAY TRIAL // Microsoft this week issued a security advisory to confirm that a zero-day flaw in Word 2010 and 2013 would allow an attacker to break into an unpatched computer, but the company has now updated the initial notification with more information.
Redmond says that WordPad users are fully protected and the vulnerability only affects the word processor included in the Office productivity suite. WordPad is the default text editor included in all versions of Windows.
Microsoft has already issued a Fix-It solution for the security flaw, but a full-time patch is expected to be launched on April 8 as part of the Patch Tuesday rollout.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says.
The whole exploit is made through a compromised RTF document, so in addition to deploying the provided Fix-It solution, users are also strongly recommended to pay attention to the files they open and avoid downloading any suspicious items.