Even if your users are completely trained to never open Word files with funky extensions, dangerous documents can come disguised with a friendly ".doc" extension. The May Patch Tuesday included an update that fixed a hole in Word relating to malicious RTF and HTML files, says a post in the Microsoft Security Vulnerability Research & Defense blog. However, if your users don't use, or rarely use, Word to open RTF or HTML documents, you may be better off blocking those files from loading in Word altogether. The SVRD blog posted instruction on how to do that.
It is important for users to realize that an RTF or HTML document that has a ".doc" extension will still successful open up in Word as the originally formatted document. So changing the extension doesn't change Word's ability to read the formatting contained in the document. If your users do have legitimate reasons to open RTF or HTML documents in Word, you can limit your exposure to any potential malware by specifying "a trusted (Office 2007) or exempt (Office 2003) folder" so that files loaded from that specified folder are always opened, but those that come from other, unknown places are not, the SVRD blog describes
Here are some links that explain how to enable File Block and also how to configure trusted/exempt folders:
Go to the Microsoft Subnet home page for more news, blogs, podcasts.
More Microsoft Subnet blog posts:
Messenger and Hotmail land on the BlackBerry
Microsoft is gunning to make SMBs happy with new WS2008 bundles
Will an investor force Yahoo/Microsoft together?
Microsoft plug-in makes documents more accessible to the blind
Write a screenplay, win prizes and grow to love Vista
Plus, check out Microsoft Subnet's expert bloggers:
Mitchell Ashley's Converging on Microsoft blog
Mitchell Ashley's Converging on Microsoft podcast
Tyson Kopczynski: Hidden Microsoft
Kerrie Meyler: Managing Microsoft
Ron Barrett: A Better Windows World
Glenn Weadock: Windows Server 2008
Alex Lewis: Windows into Silicon Valley
Brian Egler: SQL Server Strategies
Scot Hillier: SharePoint Developer
More Microsoft Subnet bloggersSign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Latest software headlines from Network World:
Firefox update fixes Mac security issue
Susan G. Komen for the Cure uses SaaS CRM to organize donors
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
