WordPad: Workaround for Word woes?

Microsoft has not said whether WordPad, the free word processor included with Windows, is vulnerable to the zero day flaw announced yesterday in Microsoft Word.

When Microsoft announced yesterday that  an unpatched vulnerability in the processing of RTF files  affecting in all versions of Microsoft Word was being exploited in the wild, they didn't say whether WordPad was also affected.

WordPad, once known as Windows Write (the file name is still write.exe), is a simple word processor included with Windows, up to and including Windows 8.1. It supports several file formats, among them RTF (in fact RTF is the default format).

We have asked Microsoft if WordPad is vulnerable to the same zero day bug announced for Word. They are still researching and have not provided an answer. We don't have access to the exploit so we can't test it.

Either it is vulnerable or it isn't. If it is vulnerable then we would expect Microsoft to update the security bulletin to reflect this fact.

If it is not vulnerable, then it should serve as a reasonable workaround until a fix is provided. The "Fix it" Microsoft provided works by shutting off RTF support in Microsoft Word, so WordPad could be used in the interim, if it is not vulnerable. Microsoft would also update their advisory to note this.

WordPad can also save files as native Word .DOCX files, so users could also use WordPad just for converting to .DOCX and still do all their work in Word. (Saving a .DOCX file as RTF in Word would not be a problem.)