How to keep Word from loading dangerous RTF files

Even if your users are completely trained to never open Word files with funky extensions, dangerous documents can come

disguised with a friendly ".doc" extension. The May Patch Tuesday included an update that fixed a hole in Word relating to malicious RTF and HTML files, says a post in the Microsoft Security Vulnerability Research & Defense blog. However, if your users don't use, or rarely use, Word to open RTF or HTML documents, you may be better off blocking those files from loading in Word altogether. The SVRD blog posted instruction on how to do that.

It is important for users to realize that an RTF or HTML document that has a ".doc" extension will still successful open up in Word as the originally formatted document. So changing the extension doesn't change Word's ability to read the formatting contained in the document. If your users do have legitimate reasons to open RTF or HTML documents in Word, you can limit your exposure to any potential malware by specifying "a trusted (Office 2007) or exempt (Office 2003) folder" so that files loaded from that specified folder are always opened, but those that come from other, unknown places are not, the SVRD blog describes

Here are some links that explain how to enable File Block and also how to configure trusted/exempt folders:


Go to the Microsoft Subnet home page for more news, blogs, podcasts.

More Microsoft Subnet blog posts:Messenger and Hotmail land on the BlackBerryMicrosoft is gunning to make SMBs happy with new WS2008 bundles Will an investor force Yahoo/Microsoft together?Microsoft plug-in makes documents more accessible to the blindWrite a screenplay, win prizes and grow to love Vista Plus, check out Microsoft Subnet's expert bloggers:Mitchell Ashley's Converging on Microsoft blogMitchell Ashley's Converging on Microsoft podcastTyson Kopczynski: Hidden Microsoft Kerrie Meyler: Managing Microsoft Ron Barrett: A Better Windows WorldGlenn Weadock: Windows Server 2008 Alex Lewis: Windows into Silicon Valley Brian Egler: SQL Server Strategies Scot Hillier: SharePoint DeveloperMore Microsoft Subnet bloggers

Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)