One of the suggested solutions to the potential RTF vulnerability described in Microsoft released Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution is to set Outlook to read all mail in plain text format.
Rather than setting all messages to plain text format, you can use an ItemAdd macro to convert only RTF messages to plain text or HTML format as they arrive in your Inbox. If you prefer to use a Run a Script rule, the same basic code will work but you'll need to create a rule to run it.
In addition to changing the message format, I'm adding a category called "Was RTF" so I know the message was converted from RTF format by the macro.
Macro to Convert RTF Messages to Plain Text Format
Option Explicit Private WithEvents Items As Outlook.Items Private Sub Application_Startup() Dim Ns As Outlook.NameSpace Set Ns = Application.GetNamespace("MAPI") Set Items = Ns.GetDefaultFolder(olFolderInbox).Items End Sub Private Sub Items_ItemAdd(ByVal Item As Object) If Item.MessageClass <> "IPM.Note" Then Exit Sub End If If Item.BodyFormat = olFormatRichText Then Item.BodyFormat = olFormatPlain ' or olFormatHTML Item.Categories = "Was RTF" Item.Save Else End If End Sub
Run a Script rule
For a run a script rule, change the first line of the macro then create a rule to check every message that arrives. As one of the conditions, choose Uses the From name, and select Note from the Applications Forms list.
Sub CovertRTFtoPlain(Item As Outlook.MailItem) If Item.BodyFormat = olFormatRichText Then Item.BodyFormat = olFormatPlain ' or olFormatHTML Item.Categories = "Was RTF" Item.Save Else End If End Sub
More information on configuring a run a script rule is here: Outlook's Rules and Alerts: Run a Script
How to use Macros
First: You will need macro security set to low during testing.
To check your macro security in Outlook 2010 or 2013, go to File, Options, Trust Center and open Trust Center Settings, and change the Macro Settings. In Outlook 2007 and older, it’s at Tools, Macro Security.
After you test the macro and see that it works, you can either leave macro security set to low or sign the macro.
Open the VBA Editor by pressing Alt+F11 on your keyboard.
To use the macro code in ThisOutlookSession:
- Expand Project1 and double click on ThisOutlookSession.
- Copy then paste the macro into ThisOutlookSession. (Click within the code, Select All using Ctrl+A, Ctrl+C to copy, Ctrl+V to paste.)
More information as well as screenshots are at How to use the VBA Editor
More Run a Script Samples:
- Autoaccept a Meeting Request using Rules
- Automatically Add a Category to Accepted Meetings
- Create a rule to delete mail after a number of days
- Delegates, Meeting Requests, and Rules
- Forward meeting details to another address
- How to Change the Font used for Outlook's RSS Feeds
- Keep Canceled Meetings on Outlook's Calendar
- Move messages CC'd to an address
- Outlook AutoReplies: One script, many responses
- Outlook's Rules and Alerts: Run a Script
- Process messages received on a day of the week
- Read Outlook Messages using Plain Text
- Receive a Reminder When a Message Doesn't Arrive?
- Run a Script Rule: Change Subject then Forward Message
- Run a script rule: Reply to a message
- Run a Script Rule: Send a new message when a message arrives
- Run Rules Now using a Macro
- Sort messages by Sender domain
- Use a Rule to delete older messages as new ones arrive
- Use a run a script rule to mark messages read
- Use VBA to move messages with attachments