Since the report of a serious vulnerability in how Microsoft Word and Outlook read and view RTF files, there's been a lot of discussion around how to minimize potential attack until Microsoft can release an official patch. Microsoft has provided a Fix It component that can be executed manually, or deployed to multiple computers, but many are looking for better managed solutions for protecting computers running all versions of Microsoft Office (2003 through 2013).
Yesterday, I talked about how to block RTF files from being previewed in Microsoft Outlook, and then how to block RTF files from being accessed in Microsoft Word. But, these are more manual solutions. You can automate management of RTF access through Group Policy.
To do this for Microsoft Word:
- Download the Office 2013 Administrative template files from the Microsoft Download Center. The downloads are in a self-extractable .exe format.
- Once downloaded, execute the file and allow it to extract the files to a directory of your choice.
- Next locate the word15.admx in the extracted files directory and copy it to your central policy store, usually %systemroot% \sysvol\domain\policies\PolicyDefinitions on the domain controller.
- Run gpmc.msc connected to the central policy server and locate: Microsoft Word 2013\Word Options\Security\Trust Center\File Block Settings under User Configuration/Administrative Templates
- Find: RTF files
This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open, view, edit, or save files. Adjust the policy based on the following…
- Do not block: The file type will not be blocked.
- Save blocked: Saving of the file type will be blocked.
- Open/Save blocked, use open policy: Both opening and saving of the file type will be blocked. The file will open based on the policy setting configured in the "default file block behavior" key.
- Block: Both opening and saving of the file type will be blocked, and the file will not open.
- Open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit the file type will not be enabled.
- Allow editing and open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit will be enabled.
If you disable or do not configure this policy setting, the file type will not be blocked.
The registry key affected by this GPO is:
HKCU\software\policies\microsoft\office\15.0\word\security\fileblock - rtffiles
Frankly, it might make sense these days to block RTF files for good. This file type is rarely used anymore. RTF, or Rich Text Format, was developed and published as a specification by Microsoft in 1987. The intent was to ensure cross-platform document exchange, but, alas, the world has progressed and it's probably not necessary any more.
