Microsoft Word Users: Watch Out For RTF Files

If you get an RTF file from someone in your email, don’t open it. Don’t even glance.

That was part of a warning from Microsoft recently to users of supported versions of Microsoft Word. The company says that hackers have found a vulnerability in the system. Opening RTF documents (short for Rich Text Format) – even previewing them – could corrupt your computer, and make it part of a larger hacking network. Microsoft says so far it is aware only of targeted attacks on users of Microsoft Word 2010.

In an official post in Microsoft’s Security TechCenter, the company warned:

“The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

Microsoft knows that attacks are occurring but has no permanent solution yet. The company says users should avoid opening RTF files until a fix for the vulnerability has been made available. There is a way you can get at least a limited view of these files if it’s absolutely necessary. Microsoft outlined a “workaround” on its Security Research and Defense Blog recently (image above).

But the company warns that the consequences of opening or even previewing corrupted RTF files could be dire. A Business Insider report warns opening a booby-trapped file could give hackers control of your computer. Once under a hacker’s control, the computer could be used to send out spam or even as part of an online fraud operation.