News : ITS : University of Sussex

Accessibility |
A-Z |
Staff search |
Contact us |
Email |
External website

ITS home
Help
Services
My IT account
Security
About

Back to previous menu
News

Security issue with Rich Text Files

Posted: Wed 26 Mar 2014, 9:33am.

Microsoft have confirmed a vulnerability in all recent editions of Microsoft Word which hackers can use to gain administrative access to computers. Anyone opening a Rich Text File (RTF or .rtf files) which contains the necessary embedded code, could unwittingly give hackers access to their computer.

As a temporary measure, IT Services have changed the settings on staff and student PCs at Sussex so that Rich Text Files open in protected mode. This prevents any embedded code from damaging computers, but it does also mean that it is not currently possible to edit RTF files on Sussex PCs, although you can copy and paste the text into a new Word document and re-save it in .docx format.

Microsoft have not yet released a fix for this vulnerability but when they do, the settings on Sussex PCs will be returned to normal.

Subscribe to our latest news mailing list to receive email alerts of updates.