{"id":54066,"date":"2023-10-10T23:49:48","date_gmt":"2023-10-10T23:49:48","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/"},"modified":"2023-10-10T23:49:48","modified_gmt":"2023-10-10T23:49:48","slug":"its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/","title":{"rendered":"It&#8217;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems"},"content":{"rendered":"<p><span class=\"label\">Patch Tuesday<\/span> Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP\/2 weakness that has also been exploited in the wild.<\/p>\n<p>That last one \u2013 tracked as <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-44487\">CVE-2023-44487<\/a> aka <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/10\/10\/http2_rapid_reset_zeroday\/\" rel=\"noopener\">Rapid Reset<\/a> \u2013 is an HTTP\/2 protocol vulnerability that has been abused since August to launch massive distributed denial of service (DDoS) attacks. Microsoft, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2023-011\/\">Amazon<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/cloud.google.com\/blog\/u\/0\/products\/identity-security\/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps\">Google<\/a>, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/en-gb\/press-releases\/2023\/cloudflare-helps-discover-new-online-threat-that-led-to-largest-attack-in\/\">Cloudflare<\/a> all released mitigations for these server-knackering Rapid Reset attacks.<\/p>\n<p>But back to the Microsoft-specific CVEs that are listed as being publicly known and exploited. <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36563\">CVE-2023-36563<\/a> is an information disclosure bug in Microsoft WordPad that can be exploited to steal NTLM hashes.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2023\/09\/04\/screenshot_goodbye_wordpad.jpg?x=174&amp;amp;y=115&amp;amp;crop=1\" width=\"174\" height=\"115\" alt=\"Goodbye WordPad\"><\/p>\n<h2 title=\"Microsoft ends development of free basic word processor bundled with Windows\">Farewell WordPad, we hardly knew ye<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2023\/09\/04\/microsoft_deprecates_wordpad\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>There are two ways to exploit this, according to Microsoft. One way is to log in as a rogue or compromised user, and &#8220;then run a specially crafted application that could exploit the vulnerability and take control of an affected system.&#8221; The other way is to trick a victim into opening a malicious file. &#8220;The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file,&#8221; Redmond explained.<\/p>\n<p>In addition to applying the software fix, the Zero Day Initiative&#8217;s Dustin Childs also suggests users block outbound NTLM-over-SMB on Windows 11. &#8220;This new feature hasn&#8217;t received much attention, but it could significantly hamper NTLM-relay exploits,&#8221; Childs <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2023\/10\/10\/the-october-2023-security-update-review\">wrote<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The second bug that&#8217;s under attack, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41763\">CVE-2023-41763<\/a>, is a privilege escalation vulnerability in Skype for Business that could allow some information disclosure.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>&#8220;An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an HTTP request made to an arbitrary address,&#8221; Microsoft wrote. This could allow the attacker to view some sensitive information, including IP addresses or port numbers, but wouldn&#8217;t allow the criminal to make any changes to the disclosed info, we&#8217;re told.<\/p>\n<p>Of the new October patches, 13 address critical-rated bugs. This includes 12 that lead to remote code execution (RCE) plus Rapid Reset DDoS attacks. The rest are deemed &#8220;important&#8221; security flaws.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>As ZDI points out, there are 20 Message Queuing patches in this latest update, and the highest rated \u2013 <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-35349\">CVE-2023-35349<\/a> \u2013 earned a 9.8 out of 10 CVSS severity score. The issue could allow RCE, and it doesn&#8217;t require user interaction to exploit.<\/p>\n<p>&#8220;You should definitely check your systems to see if it&#8217;s installed and also consider blocking TCP port 1801 at your perimeter,&#8221; Childs warned.<\/p>\n<p>Another interesting flaw, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36434\">CVE-2023-36434<\/a>, is a Windows IIS Server elevation of privilege bug that earned a 9.8 CVSS score \u2013 but only an &#8220;important&#8221; label from Microsoft.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZSYSqfacInDFUw0aAonIdgAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Microsoft doesn&#8217;t rate this as critical since it would require a brute-force attack, but these days, brute force attacks can be easily automated,&#8221; Childs argued, adding that IIS users should treat it as critical and patch ASAP.<\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36778\">CVE-2023-36778<\/a> is also an &#8220;important&#8221; bug that should be treated as critical if your organization runs Exchange Server in-house. This one is a Microsoft Exchange Server RCE that earned an 8.0 CVSS rating and an &#8220;exploitation more likely&#8221; warning from Redmond.<\/p>\n<p>An attacker must be authenticated and local to the network to exploit this bug, but \u2013 as Immervice Labs Senior Director of Threat Research Kev Breen told <em>The Register<\/em> \u2013 this is easy enough to achieve via social engineering attacks.&nbsp;<\/p>\n<p>&#8220;Just because your Exchange Server doesn&#8217;t have internet-facing authentication doesn&#8217;t mean it&#8217;s protected,&#8221; Breen explained, adding that this level of access to Exchange Server could allow a miscreant to &#8220;do a lot of damage to an organization.&#8221;&nbsp;<\/p>\n<p>For example: &#8220;With the ability to gain access to read every email that has been sent and received, or even to impersonate any given user, this could be advantageous for financially motivated criminals where business email compromise attacks are no longer from spoofed accounts, but from the legitimate email holder,&#8221; Breen warned.<\/p>\n<h3 class=\"crosshead\">Citrix and others join the patch party<\/h3>\n<p><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/support.citrix.com\/article\/CTX579459\/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967\">Citrix<\/a> joined in the October patch party with a critical 9.4-rated flaw in its NetScaler ADC and NetScaler Gateway appliances. This one, tracked as CVE-2023-4966, could allow sensitive information disclosure in vulnerable security appliances. It doesn&#8217;t require any user interaction or privileges to exploit, so we&#8217;d suggest patching as soon as you can.<\/p>\n<p>A denial-of-service bug, CVE-2023-4967, also affected these same Citrix appliances and received an 8.2 CVSS rating.<\/p>\n<p>Adobe released three security bulletins to update a total of 13 vulnerabilities in Bridge, Commerce, and Photoshop. The software maker says it&#8217;s not aware of exploits for any of these flaws.<\/p>\n<p>Starting with <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/photoshop\/apsb23-51.html\">Photoshop<\/a>, Adobe has patched a critical bug \u2013 tracked as CVE-2023-26370 \u2013 that could lead to arbitrary code execution.<\/p>\n<p>The update for <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb23-50.html\">Commerce<\/a>, meanwhile, fixes ten critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application denial-of-service.<\/p>\n<p>Finally, Adobe also patched two important vulnerabilities in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/bridge\/apsb23-49.html\">Bridge<\/a> that could lead to memory leak.<\/p>\n<p>SAP today <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\">released<\/a> seven security notes and two updates to previously released notes.<\/p>\n<p>One of these vulnerabilities earned a perfect 10 CVSS score: Note 2622660, an ongoing update that includes the latest supported Chromium patches.&nbsp;<\/p>\n<p>SAP rated the rest as medium-priority patches.<\/p>\n<p>Google&#8217;s October <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2023-10-01\">Android security bulletin<\/a> came out earlier this month and, as we noted in a <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/10\/03\/arm_mali_gpu_attack\/\" rel=\"noopener\">previous article<\/a>, it warned of &#8220;indications&#8221; that an Arm driver bug as well as a critical system flaw, CVE-2023-4863, could lead to RCE &#8220;under limited, targeted exploitation.&#8221;<\/p>\n<p>In total, Google addressed 54 flaws in this month&#8217;s Android update. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/10\/10\/october_2023_patch_tuesday\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Happy Halloween! Security bugs under attack squashed, more flaws fixed Patch Tuesday\u00a0 Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP\/2 weakness that has also been exploited in the wild.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54067,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-54066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>It&#039;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"It&#039;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-10T23:49:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/regmedia.co.uk\/2023\/09\/04\/screenshot_goodbye_wordpad.jpg?x=174&amp;amp;y=115&amp;amp;crop=1\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"It&#8217;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems\",\"datePublished\":\"2023-10-10T23:49:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/\"},\"wordCount\":961,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/\",\"name\":\"It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg\",\"datePublished\":\"2023-10-10T23:49:48+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"It&#8217;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/","og_locale":"en_US","og_type":"article","og_title":"It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-10T23:49:48+00:00","og_image":[{"url":"https:\/\/regmedia.co.uk\/2023\/09\/04\/screenshot_goodbye_wordpad.jpg?x=174&amp;amp;y=115&amp;amp;crop=1","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"It&#8217;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems","datePublished":"2023-10-10T23:49:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/"},"wordCount":961,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/","url":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/","name":"It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg","datePublished":"2023-10-10T23:49:48+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/its-2023-and-microsoft-wordpad-can-be-exploited-to-hijack-vulnerable-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"It&#8217;s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54066"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54066\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54067"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}