Microsoft has released an update to address a vulnerability in the OleConvertOLESTREAMToIStorage and OleConvertOLESTREAMToIStorageEx functions when used in WordPad as described in CVE-2023-36563. Please note that other applications that use these functions might still be at risk.

Resolves vulnerabilities in Windows WordPad that could allow remote code execution if a specially crafted file is opened in WordPad.

A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. To learn more about this vulnerability, see CVE-2017-8588.

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. To learn more about the vulnerability, go to CVE-2018-8307.

Fix an issue in which the desktop app WordPad crashes in Windows Server 2008 SP2.

Right-click the Start button (lower-left corner) and select Apps and Features on the pop-up menu. Select the Microsoft 365 or Office product you want to repair and select Modify. Note: This will repair the entire Office suite even if it's just one application you want to repair such as Word or Excel.

Resolves a vulnerability in Windows that could allow remote code execution.

When you start WordPad (Wordpad.exe) and then click Insert object, the Office components are not displayed in the object list as expected. This issue occurs because Windows 7 and Windows Server 2008 R2 no longer perform registry reflection. A supported hotfix is available from Microsoft.

This article explains how to repair apps and programs in Windows 11 and use Settings to fix common app issues without reinstalling. You can repair some apps and programs if they're not running correctly. Note that you won't see repair, change, or modify options for all apps and programs. Repair options from the Settings page.

Learn how to change default apps and protocol handlers in Windows, including an example about how to configure the default browser.