Just recently I wrote about how to disable specific file types in Microsoft Outlook so that the email previewer couldn't open them automatically in the Reading Pane. This was in light of a recently reported vulnerability in Microsoft Word and since Outlook uses Word to host file preview capability, has the potential for disaster. Just viewing a RTF format file in Outlook could allow an attacker to take over the computer.
Blocking file types in Outlook is one step to ensure end-users can't unknowingly view infected email attachments, but specific file types can be blocked completely in each Microsoft Office application. In this case, Microsoft Word is the culprit, but each Office application contains a Trust Center that can be used to manage authorized file execution. Access to each application's Trust Center is performed using the same steps, but let's focus on Microsoft Word to block execution of the reported RTF file exploit.
To do it…
- In Microsoft Word, click File and then click Options.
- Once on the Options screen, goto Trust Center and then Trust Center Settings.
- Once Trust Center Settings is open, click File Block Settings.
The file types assigned to each Office application will be displayed here, allowing you to modify how the application reacts when specific, associated file types are executed. In this case, we want to block RTF Files by putting a checkmark in the Open and Save options, and then changing the Open Behavior setting at the bottom of the dialog screen.
Note that the screen captures above are from Word 2013. The location of the Trust Center will differ between Microsoft Office versions.