Even if your users are completely trained to never open Word files with funky extensions, dangerous documents can come disguised with a friendly ".doc" extension. The May Patch Tuesday included an update that fixed a hole in Word relating to malicious RTF and HTML files, says a post in the Microsoft Security Vulnerability Research & Defense blog. However, if your users don't use, or rarely use, Word to open RTF or HTML documents, you may be better off blocking those files from loading in Word altogether. The SVRD blog posted instruction on how to do that.
It is important for users to realize that an RTF or HTML document that has a ".doc" extension will still successful open up in Word as the originally formatted document. So changing the extension doesn't change Word's ability to read the formatting contained in the document. If your users do have legitimate reasons to open RTF or HTML documents in Word, you can limit your exposure to any potential malware by specifying "a trusted (Office 2007) or exempt (Office 2003) folder" so that files loaded from that specified folder are always opened, but those that come from other, unknown places are not, the SVRD blog describes
Here are some links that explain how to enable File Block and also how to configure trusted/exempt folders:
Go to the Microsoft Subnet home page for more news, blogs, podcasts.
More Microsoft Subnet blog posts:
Messenger and Hotmail land on the BlackBerry
Microsoft is gunning to make SMBs happy with new WS2008 bundles
Will an investor force Yahoo/Microsoft together?
Microsoft plug-in makes documents more accessible to the blind
Write a screenplay, win prizes and grow to love Vista
Plus, check out Microsoft Subnet's expert bloggers:
Mitchell Ashley's Converging on Microsoft blog
Mitchell Ashley's Converging on Microsoft podcast
Tyson Kopczynski: Hidden Microsoft
Kerrie Meyler: Managing Microsoft
Ron Barrett: A Better Windows World
Glenn Weadock: Windows Server 2008
Alex Lewis: Windows into Silicon Valley
Brian Egler: SQL Server Strategies
Scot Hillier: SharePoint Developer
More Microsoft Subnet bloggersSign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
|
|
