US & World

Microsoft warns that emails with RTF files attached can let hackers take over your computer

An image showing the structure of the malicious RTF files.
An image showing the structure of the malicious RTF files.
An image showing the structure of the malicious RTF files.
Code from malicious RTF documents that looks for the code to execute and take over users' computers.

Microsoft released an emergency security alert noting a vulnerability in Microsoft Word that would allow hackers to take over users' computers. Their way in: RTF files, a widely used word-processing format. It can even affect users when the files are seen in preview mode, such as through Microsoft Outlook.

According to Microsoft's Monday advisory, the attacks using this exploit are targeting users of Microsoft Word 2010, but the vulnerability exists in other versions of Word. The attacks also affect Outlook users who have Word set as their email viewer, which is the default in Outlook 2007, 2010 and 2013.

The way it works is that specially formatted RTF files have code in them that corrupts your computer's system memory, then allowing the hackers to execute their own code.

Hackers can exploit this vulnerability either through email or a Web-based attack, according to Microsoft. In the Web-based scenario, a site could contain one of the specially formatted RTF files.

As Microsoft notes, "compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability." It notes that while users wouldn't be forced to go to the site, they could be taken to the site through a link in an email or instant message.

Microsoft advises disabling the opening of RTF files in Microsoft Word to avoid these attacks. Other suggested workarounds included making Word open RTF files in Protected View, reading emails in plain text and using Microsoft Office File Block to prevent the opening of RTF files in Word 2003, 2007, 2010 and 2013.

Microsoft says that they are still investigation the vulnerability and may release a security update either as part of their monthly security updates, or release a special update outside of the monthly release. They also reminded customers to follow their general guidance of using a firewall, applying all software updates and using antimalware software.

While the attacks Microsoft says it is currently aware of targets Microsoft Word 2010, the alert also warns that affected software includes Microsoft Word 2007, 2010, 2013, Office for Mac 2011 and several other pieces of software. You can read the full list on Microsoft's website.

An automated "Fix It" tool is also being offered by Microsoft.

You can read a more technical explanation from Microsoft's Security Research and Defense Blog, including advice for business enterprise networks.