Microsoft fixed three zero-days under actively exploitation in its patch dump for the month of October.
The computing giant addressed a zero-day vulnerability tracked as CVE-2023-36563, a disclosure flaw in WordPad that can be exploited to obtain hashed passwords. WordPad is a no-frills word processing program bundled into the Windows operating system – although Microsoft announced Sept. 1 that it will stop shipping the app in future releases.