How To Avoid The Microsoft Word RTF Security Flaw

How To Avoid The Microsoft Word RTF Security Flaw

Caution, Microsoft Word users: there’s a vulnerability in all versions of Word that can render your computer open to attack. Microsoft says it is working on a fix — here’s how to stay safe in the meantime.

The vulnerability relies on a flaw in how Word handles RTF (Rich Text Format) files. While RTF isn’t the default format in Word, some people use it to ensure that their files can be opened in older versions of Word and other word processors, which can’t handle the current default .docx file type.

Attacks have been detected in the wild which affect Word 2010, but the vulnerability exists in older versions and in the current Word 2013 release as well.

To avoid the issue, don’t open any RTF files, especially those sent to you via email. As a temporary fix, Microsoft has an automated tool which blocks Word from opening RTF files; you can download that here.

Security Advisory 2953095: recommendation to stay protected and for detections [Microsoft Security Research And Defense Blog via Business Insider]


    • Aaaah, so you’re one of the quoted people who use a word processor *other* than MS Word, leading to RTF files still being in circulation :p

  • The bigger problem is anyone using Outlook 2007, 2010 or 2013 and uses Word as the built in file previewer (which is the default).

Show more comments

Comments are closed.

Log in to comment on this story!