Caution, Microsoft Word users: there’s a vulnerability in all versions of Word that can render your computer open to attack. Microsoft says it is working on a fix — here’s how to stay safe in the meantime.
The vulnerability relies on a flaw in how Word handles RTF (Rich Text Format) files. While RTF isn’t the default format in Word, some people use it to ensure that their files can be opened in older versions of Word and other word processors, which can’t handle the current default .docx file type.
Attacks have been detected in the wild which affect Word 2010, but the vulnerability exists in older versions and in the current Word 2013 release as well.
To avoid the issue, don’t open any RTF files, especially those sent to you via email. As a temporary fix, Microsoft has an automated tool which blocks Word from opening RTF files; you can download that here.
Security Advisory 2953095: recommendation to stay protected and for detections [Microsoft Security Research And Defense Blog via Business Insider]