Today a user received this warning when opening an email: “Office File Validation detected a problem while trying to open this file. Opening it may be dangerous”. The error only occurred when the email he was opening was formatted as Rich Text (i.e. RTF file). The user’s email client is Microsoft Outlook 2003 and he has enabled the setting “Use Microsoft Office Word 2003 to read Rich Text e-mail messages”. After a bit of investigation, it seems that the error started occurring afterhe installed a Windows Update on May 8, 2012.
I reviewed the user’s update history and on that day he installed the following Windows Updates:
- Security Update for Microsoft Office Excel 2003 (KB2597086)
- Security Update for Microsoft Office 2003 (KB2598253)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2598343)
- Security Update for Microsoft Office 2003 (KB2597112)
- Security Update for Microsoft Office Word 2003 (KB2598332)
After reading the description of each of the above updates, I believe the one that caused the error is “Security Update for Microsoft Office Word 2003 (KB2598332)”. That update addresses “Microsoft Security Bulletin MS12-029 – Critical Vulnerability in Microsoft Word Could Allow Remote Code Execution”. Here’s a brief summary of that Security Bulletin:
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Word 2007. This security update is also rated Important for all supported editions of Microsoft Word 2003, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; and all supported versions of Microsoft Office Compatibility Pack. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that Microsoft Office parses RTF-formatted data.
As you can see, the intention of the update was to fix that RTF vulnerability. However, in my user’s case, I believe the “Office File Validation” error was spurious and there was nothing sinister about the RTF emails he was trying to open. In other words, I think there is bug in the Windows Update (gee, that never happens…). I sent the user several simple and innocuous “Hello World” RTF emails and all of them generated the error message.
Until Microsoft fixes the bug, my only choice is to disable the Office File Validation feature for Word. Yes, I realize that could be potentially dangerous but it’s also dangerous to have annoyed users. Yup, it’s the whole “caught between a rock and a hard place” scenario. Unfortunately, Microsoft has a habit of putting IT administrators in that place time and time again. Sigh…
To disable the Office File Validation feature for Word, see the Microsoft Technet article, Office File Validation for Office 2003 and Office 2007. In that article, you’ll need to scroll down to the section that starts with “To prevent Office File Validation from validating files…”.
In a nutshell, you’ll first need to start
regedit and create a registry key. The exact key name depends on the version of Office you have. In my user’s case, the key was:
Inside that key, you’ll need to create a DWORD value named EnableOnLoad and set it to 0, which means “don’t validate”.
After setting that registry value, you’ll need to restart Outlook, then you should be able to open the RTF email without getting the spurious error message.
If this tip helped you, please leave a comment!