To protect computers from attacks, RTF files will be temporarily blocked from opening in Microsoft Word and Outlook.
There has been a recent malware attack using RTF files. The malware uses specially crafted RTF files using Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. Your system could then be taken over by Hackers. Therefore until Microsoft releases a patch to fix this vulnerability, we are going to block RTF files from opening in MS word or Outlook.
The most common infection method for the RTF hack is through an email with malicious attachments. The attachment is usually an RTF file or Zip file containing an RTF file which, when opened, executes the malware.
CLAS IT will begin pushing out a security policy this evening which will block RTF files from opening in Microsoft Word or in Outlook in order to protect computers that are managed by our group. This is a temporary measure and will be removed as soon as there is a patch available.
As part of this preventative measures, you should verify the identity of the sender of any attachments, whether through an informal consistency check of the e-mail address and content of the e-mail or formal communication with the sender. These documents can be saved to the desktop and then opened with WordPad or Notepad ++.
Please contact CLAS IT or your local department computer support, if you have problems or questions.
To protect yourself at home, you can follow the instructions found here:
- Microsoft Support: Disable opening RTF content in Microsoft Word
- Microsoft Outlook: Read email messages in plain text
Related Links
-
Microsoft security advisory: Vulnerability in Microsoft Word could allow remote code execution
- UF IT Alerts: Vulnerability in Microsoft Office with RTF attachments