Caution, Microsoft Word users: there’s a vulnerability in all versions of Word that can render your computer open to attack. Microsoft says it is working on a fix — here’s how to stay safe in the meantime.
The vulnerability relies on a flaw in how Word handles RTF (Rich Text Format) files. While RTF isn’t the default format in Word, some people use it to ensure that their files can be opened in older versions of Word and other word processors, which can’t handle the current default .docx file type.
Attacks have been detected in the wild which affect Word 2010, but the vulnerability exists in older versions and in the current Word 2013 release as well.
To avoid the issue, don’t open any RTF files, especially those sent to you via email. As a temporary fix, Microsoft has an automated tool which blocks Word from opening RTF files; you can download that here.
Security Advisory 2953095: recommendation to stay protected and for detections [Microsoft Security Research And Defense Blog via Business Insider]
Comments
7 responses to “How To Avoid The Microsoft Word RTF Security Flaw”
Good thing I use OpenOffice.
Aaaah, so you’re one of the quoted people who use a word processor *other* than MS Word, leading to RTF files still being in circulation :p
No, I use DOC files.
Another being recruitment agencies who insist on RTF over DOC or PDF.
Um? OpenOffice saves in .otf by default, otherwise you can save as .docx or .doc or a heap of other formats. Thats like criticizing photoshop for .bmp files being in circulation simply because photoshop can save in .bmp
oh come on programmdude, I was being a lame troll!
The bigger problem is anyone using Outlook 2007, 2010 or 2013 and uses Word as the built in file previewer (which is the default).