Updates are Now Available:
Find these links located on the following Office Update Blog
As reported, Microsoft is working on a fix to address the recently reported Vulnerability with RTF files in Microsoft Word.
Microsoft Security Advisory (2953095) Vulnerability in Microsoft Word Could Allow Remote Code Execution http://technet.microsoft.com/en-us/security/advisory/2953095
The following Security blog contains some good information about the vulnerability.
Security Research and Defense Blog: Blog: Security Advisory 2953095: recommendation to stay protected and for detections http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
Date for Office Patch
Microsoft Plans to address this issue with an update on April 8th.
The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable the Fix it to ensure RTF files will again render normally. At this time, we are still only aware of limited, targeted attacks directed at Microsoft Word 2010. The update will fully address all affected versions.
Microsoft provides vulnerability information to major security software providers that can then use this information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
Mitigation using File Block
One of the points of mitigation for the Windows versions of Word is to enable the File Block options for the Rich Text Format (RTF). This option is available in the Trust Center for Word 2010 and 2013.
Figure 1: File Block Settings in the Trust Center.
Registry keys for the RTF File Block
The registry keys for 2013 and 2013 are a little different from those for 2003 / 2007. With the later versions, the key has changed to one key from a separate key for Open and Save as in 2003 / 2007.
HKCU\Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles Dword value=2
Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Security\FileOpenBlock] "RtfFiles"=dword:00000001
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] "RtfFiles"=dword:00000001
Here are some various articles around the Administrative templates for the various Office versions and deploying Office keys via a Group Policy.
Group Policy Templates:
Group Policy Administrative Template files (ADMX, ADML) and Office Customization Tool (OCT) files for Office 2013 http://technet.microsoft.com/en-us/library/cc178992.aspx
Office 2010 : Office 2010 Administrative Template files (ADM, ADMX/ADML) and Office Customization Tool downloadhttp://www.microsoft.com/en-us/download/details.aspx?id=18968
2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0 http://www.microsoft.com/en-us/download/details.aspx?id=22666
We do not have any means to mitigate this from the Macintosh environment as we have with the File Block for RTF options that the security advisory discusses. The Macintosh versions do not have this infrastructure for blocking the various file types and instigating Protected View.