This is a “heads up” for people who use Rich Text (RTF) files.  Brad Chacos reported recently that hackers are using “poisoned” RTF files to gain control of consumers’ PCs (www.csoonline; “Just previewing email can give attackers control of your PC, Microsoft warns”; March 25, 2014).

Per Mr. Chacos article, Microsoft issued a warning on March 24th about the newly discovered Microsoft Word vulnerability.  Hackers send “poisoned” RTF files and gain access to PCs when consumers simply access or preview these files.  The hackers then gain remote access of the PCs and will have the same rights as the PC user.

Mr. Chacos writes that Microsoft has said it’s only aware of limited, targeted attacks against Word 2010.  However, he notes that the RTF vulnerability is found in Word 2013, Word 2013 RT, Word 2007, Word 2003, Microsoft Office for Mac 2011 and related programs (e.g., Word Automation Services on Microsoft SharePoint Server).

As he noted, Microsoft has released a fix that neutralized the exploit but it’s one that not everyone will want to use.  The fix bars all RTFs.  In his article, Mr. Chacos describes several workarounds for people who either can’t, or don’t want to stop, using the RTF format.  These are very useful tips for people who still need to use RTFs but don’t want to fall victim to the hackers.