CVE-2016-3234

Обходное решение

Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For Office 2007

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]

2. Set the RtfFiles DWORD value to 1. Note To use 'FileOpenBlock' with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.

For Office 2010

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]

2. Set the RtfFiles DWORD value to 2.
3. Set the OpenInProtectedView DWORD value to 0.

For Office 2013

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]

2. Set the RtfFiles DWORD value to 2.
3. Set the OpenInProtectedView DWORD value to** 0**.

Impact of Workaround. Users who have configured the File Block policy and have not configured a special “exempt directory” as discussed in Microsoft Knowledge Base Article 922849 will be unable to open documents saved in the RTF format.

How to undo the workaround For Office 2007

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]

2. Set the RtfFiles DWORD value to 0.

For Office 2010

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]

2. Set the RtfFiles DWORD value to 0.
3. Leave the OpenInProtectedView DWORD value set to 0.

For Office 2013

1. Run regedit.exe as Administrator and navigate to the following subkey:

   [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]

2. Set the RtfFiles DWORD value to 0.
3. Leave the OpenInProtectedView DWORD value set to 0.

Prevent Word from loading RTF files Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Interactive managed script method **For Word 2007 **

1. Click Start, click Run, in the Open box, type regedit, and then click OK.
2. Locate and then click the following registry subkey:

   HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock

   Note that if the FileOpenBlock subkey does not exist, you must create it. To do this, follow these steps:
   1. Select the Security subkey.
   2. On the Edit menu, point to New, and then click Key.
   3. Type FileOpenBlock, and then press Enter.
3. After you select the FileOpenBlock subkey, locate the DWORD value RtfFiles. Note that if this value does not exist, you must create it. To do this, follow these steps:
   1. On the Edit menu, point to New, and then click DWORD value.
   2. Type RtfFiles and then press Enter.
   3. Right-click RtfFiles and then click Modify.
   4. In the Value data box, type 1, and then click OK.
   5. On the File menu, click Exit to exit Registry Editor.

Managed deployment script method **For Word 2007 **

1. Save the following to a file with a .reg extension (For example Disable_RTF_In_Word.reg):

2. Run the above registry script created in step 1 on the target machine with the following command from an administrator command prompt: Regedit / s Disable_RTF_In_Word.reg Note RTF files will not be readable by Word.

FAQ

Does this update contain any additional security-related changes to functionality? Yes. In addition to the security updates that address the vulnerabilities described in this bulletin, Microsoft is releasing a security enhancement for Microsoft OneNote. After installing the updates listed in the following table, when users click a hyperlink in OneNote, they will be prompted to confirm whether they want to navigate to the selected URL.

I have Microsoft Word 2010 installed. Why am I not being offered the 3115198 update? The 3115198 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.

I am being offered this update for software that is not specifically indicated as being affected in the Affected Products table. Why am I being offered this update? When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.

For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table. For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.