RTF (Rich Text Format) files have been around a long time. They are an alternative to saving files in the familiar *.doc or *.docx formats. However, according to a recent warning from Microsoft, *.rtf files are being used to compromise systems when viewed in Outlook or Word.
The *.rtf files can exploit weaknesses in Microsoft Word to let an attacker gain remote access to your system and/or execute arbitrary code. All versions of Word appear to be impacted, although in testing, products in the Office 2013 family did seem to block the malicious effects.
Per the advisory, “The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.” And when that happens, an attacker could gain the same user rights as the current user.
ESG recommends that you practice safe e-mail handling: do not open unexpected e-mails or attachments, use a local anti-virus software package, and do not follow links that make you download a file. Should you have suspicious *.rtf files on your system, you can open them with a plain-text editor such as Notepad just to view their raw contents.
Also, if you have Outlook 2010 you can follow the instructions located here to disable the previewing of RTF files.
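A scripted version of the raw-contents check suggested above, as an added example that is not part of the original post: it reads the bytes without rendering them, checks for the RTF signature regardless of file extension, and reports embedded-object control words. The function name, the control-word list, the thresholds and the sample bytes are assumptions constructed for illustration.

```python
import re
from collections import Counter

# RTF control words that introduce embedded objects or pictures. Finding
# them is a reason to look closer, not proof that the file is malicious.
OBJECT_WORDS = {"object", "objemb", "objocx", "objautlink", "objdata", "pict"}
ESCAPED = re.compile(rb"\\[\\{}]")            # \\ \{ \} are literal text
CONTROL_WORD = re.compile(rb"\\([a-z]+)")     # \word, numeric parameter ignored
HEX_RUN = re.compile(rb"(?:[0-9a-fA-F]{2}\s*){32,}")  # 32+ hex-encoded bytes

# Constructed sample: harmless text plus a dummy hex-encoded object body.
SAMPLE = (b"{\\rtf1\\ansi{\\fonttbl{\\f0 Arial;}}Hello \\{world\\}"
          b"{\\object\\objemb{\\*\\objdata " + b"01050000" * 10 + b"}}}")


def triage_rtf(data: bytes) -> dict:
    """Summarise raw RTF bytes without handing them to Word or Outlook."""
    # Check the signature, not the name: a file called .doc can still hold RTF.
    report = {"is_rtf": data.startswith(b"{\\rtf"), "object_words": {},
              "longest_hex_run": 0, "brace_balance": 0}
    if not report["is_rtf"]:
        return report
    body = ESCAPED.sub(b"", data)  # drop escaped braces/backslashes first
    words = Counter(m.group(1).decode() for m in CONTROL_WORD.finditer(body))
    report["object_words"] = {w: n for w, n in words.items() if w in OBJECT_WORDS}
    # Embedded object and picture data is stored as long runs of hex digits.
    runs = [len(re.sub(rb"\s", b"", m.group(0))) for m in HEX_RUN.finditer(body)]
    report["longest_hex_run"] = max(runs, default=0)
    # A non-zero balance means malformed or truncated group nesting.
    report["brace_balance"] = body.count(b"{") - body.count(b"}")
    return report


if __name__ == "__main__":
    for key, value in triage_rtf(SAMPLE).items():
        print(f"{key}: {value}")
```

A report showing object control words or long hex runs in a file that was expected to be plain formatted text is a cue to hand the file to your anti-virus or security team rather than open it in Word.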