Word Automation Services Vulnerability and Sharepoint Server

There is a vulnerability in Microsoft Word that could allow remote execution. That security issue impacts:

1. Microsoft Word 2003 to 2013

2. MS Word Viewer

3. Word Automation Services in Sharepoint 2010 and 2013

4. MS Office Web Server 2010 and 2013

The issue is mainly with the special RTF formatted data.

Risk Mitigation:

1. Use non-admin rights on the local systems. That will lower the impact

2. Disabling opening RTF on Word / Outlook

3. Microsoft Fixit solution

4. Use the Microsoft Enhanced Mitigation Experience Toolkit (EMET)

5. Read Outlook emails in plain text and KB Article

6. Use MS Office file block policy

7. In Sharepoint Server – Uncheck the RTF as the supported file format

Sharepoint Server – Work Automation Services:

Follow the steps below to disable the RTF file format within Word Automation Services on Sharepoint Server 2010 / 2013. Make sure to understand the impact of this change in your organization.

1. Go to Sharepoint Central Administration website of your farm

2. Under Application Management, click on ‘Manage Service Applications’

3. Under ‘Supported File Formats’, uncheck the Rich Text Format (.rtf)

4. Click OK to save settings

References:

1. Vulnerability in Microsoft Word Could Allow Remote Code Execution – Microsoft Security Advisory (2953095)

2. MS Knowledge Base

3. CVE Page

Digital Transformation

Cloud Solutions

Project Solutions

IT and Web Solutions

Word Automation Services Vulnerability and Sharepoint Server

Leave a Reply Cancel reply

Sign up for Softvative Newsletter

Share On Social Media

Our Services and Solutions

About Us

Services

Our Location

Subscribe To Softvative Newsletter