WordPad: Workaround for Word woes?

WordPad: Workaround for Word woes?

Summary: Microsoft has not said whether WordPad, the free word processor included with Windows, is vulnerable to the zero day flaw announced yesterday in Microsoft Word.

TOPICS: Security, Microsoft

When Microsoft announced yesterday that an unpatched vulnerability in the processing of RTF files affecting in all versions of Microsoft Word was being exploited in the wild, they didn't say whether WordPad was also affected.

WordPad, once known as Windows Write (the file name is still write.exe), is a simple word processor included with Windows, up to and including Windows 8.1. It supports several file formats, among them RTF (in fact RTF is the default format).

We have asked Microsoft if WordPad is vulnerable to the same zero day bug announced for Word. They are still researching and have not provided an answer. We don't have access to the exploit so we can't test it.

Either it is vulnerable or it isn't. If it is vulnerable then we would expect Microsoft to update the security bulletin to reflect this fact.

If it is not vulnerable, then it should serve as a reasonable workaround until a fix is provided. The "Fix it" Microsoft provided works by shutting off RTF support in Microsoft Word, so WordPad could be used in the interim, if it is not vulnerable. Microsoft would also update their advisory to note this.

WordPad can also save files as native Word .DOCX files, so users could also use WordPad just for converting to .DOCX and still do all their work in Word. (Saving a .DOCX file as RTF in Word would not be a problem.)



Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Abiword supports the RTF format and isn't made by Microsoft

    If I didn't have Office 2010 or newer on Windows Vista or newer with the option to force protected view for RTF files in Word, I'd use something outside of Microsoft's sphere of products.

    Other free and open source options include LibreOffice and OpenOffice. These are office suites, while Abiword is strictly a word processor (that also supports reading the DOCX format).

    Another alternative for those running Microsoft Office 2007 or older is Sandboxie which can run Word in a 3rd party sandbox. And the Sandboxie sandbox provides more protection than do Windows integrity levels used in Protected View.
    Rabid Howler Monkey
  • *Facepalm*

    How on earth did Microsoft not think to check on this themselves? The very first thing I did when I heard about that vulnerability was check to make sure that WordPad, and not Word, was my default RTF program.
  • Don't remember the last time I even saw an RTF file.

    Considering that Wordpad is installed on every Windows computer in existence, it seems like this would be a no-brainer thing to check.
    terry flores
  • Whom is affected by this?

    Who the heck is still using .RTF documents anyway? :-/
    • Its the only...

      ... way I can send documents to paranoid clients who refuse to install any office software at all. OpenOffice, Microsoft Office, all off-limits for some crazy reason I'll never understand. But in their minds, 'wordpad comes with windows so its safe!'

      Who ELSE uses RTF? No idea.
      luke mayson
      • RTF is used in certain publishing workflows

        there are a lot of print publishing systems that are somewhat older, but where rich formatting is being done by the author that has to survive into the publication. RTF is an excellent way to do that.
    • RTF is sometimes used as a file interchange format

      There are many systems out there, especially in Europe, that use RTF files as an interchange format between applications. I have seen workflow apps using RTF files to pass on data between multiple hosts. I have even seen computer controlled systems using RTF files. Luckily though, they do not use Word. Old Help files were all in RTF format. You can see rich edit controls in Delphi and VB/VC++ creating/reading RTF files still.
    • universities.. public institutions that can't be tied to proprietry..

      I work at a uni and our web presence is littered with RTF files.
  • WordPad Still Exists?

    Wow! Blast from the past! I don't think I've used WordPad since Windows '98.