How to Disable RTF in Office

How to Disable RTF in Office

Reading Add Comment

Problem:

Microsoft Office is vulnerable to memory corruption vulnerabilities.  Malicious emails, sent in rich text format (RTF), can provide attackers remote code execution (RCE).  In other words, RTF emails are not safe!

Versions:  

Common vulnerability and exposure (CVE) CVE-2016-0127 impacts Office 2007, Office 2010, and Office 2013.

Solution:  

  1. Run Windows Updates on a regular basis.    
  2. Enable Microsoft Office File Block Policy to block RTF documents.

Disable RTF in Office 2007:  

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] 

  • RtfFiles DWORDvalue: 1

Disable RTF in Office 2010:  

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]
  • RtfFiles DWORD: 2
  • OpenInProtectedView DWORD:  0

Disable RTF in Office 2013: 

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]
  • RtfFiles DWORD: 2
  • OpenInProtectedView DWORD:  0
That's It!

References:

0 Comments:

Post a Comment

Subscribe to: Post Comments ( Atom )

My Instagram