Microsoft has released a warning about a security hole in Microsoft Word 2010, in which a malicious RTF (rich text format) file could grant an attacker user rights in Windows. Users with ‘administrator rights’ are more at risk, as an attacker who gains that ability would have complete access to that Windows system.
This security exploit could also be activated via Outlook as it uses Microsoft Word to preview RTF files. Word is used as the email reader for Outlook 2007, 2010 and 2013. Mac users running Microsoft Office 2011 for OS X are also at risk.
Microsoft is investigating the vulnerability and will ‘take appropriate action’ depending on what it requires, according to its Security Advisory article. There are two simple workarounds to protect you from this potential threat:
- Disable opening RTF content in Microsoft Word. Visit this Microsoft fix it page to enable this workaround.
- Read emails in plain text. Instructions here.
As always, this story highlights how you should always be careful when opening files from unknown sources.
Source: Microsoft Security Advisory