By Gregg Keizer
December 10, 2008

On the same day that Microsoft Corp. released its biggest batch of
security patches in more than five years, the company also warned
Windows users of a critical bug that it didn't get around to fixing.

In an advisory posted yesterday, Microsoft said that "limited and
targeted" attacks are in progress by hackers exploiting an unpatched
vulnerability in the WordPad Text Converter, a tool included with all
versions of Windows. The flawed converter handles Microsoft Word 97
files on Windows 2000 Service Pack 4 (SP4), XP SP2, Server 2003 SP1 and
Newer versions of Windows -- XP SP3, Vista and Server 2008 -- are not
vulnerable to the bug, however.

WordPad is a basic word processor that has been bundled with Microsoft's
operating system since Windows 95. The converter allows people who don't
have the company's Word application to open documents in Windows Write,
Word 6.0, Word 97, Word 2000 and Word 2002 formats.

Microsoft said that the WordPad converter bug requires some help from
the user, who must be tricked into actually opening a malicious file --
most likely delivered as an e-mail attachment.