Jump to content

Wordpad & MS Word security warning on images


Recommended Posts

I found an oddity with Windows 10 and no solution found on the web (so far).  Apparently this is the same warning displayed when a file is being opened from a network share, however this occurs with any file, including one which is local and both owned as well as created by the current user/account as long as the document includes an image of a certain type (or possibly types as it likely occurs for some other image types as well, though not all as some images in a document with many were not blocked):

Blocked.png.ff8832fb2ce68f406e5632dca9731cc7.png

Here's the RTF file including an embedded 'evil' image that Word/Wordpad both think needs to be blocked (even though I am both the author/creator and owner of the file, so it's not like it came from another machine):

Blocked.rar

I've found no solution so far and the web didn't offer anything useful either (only a reply about network shares on MS' official forums, which doesn't apply here, and some discussions elsewhere with no final resolution for this specific scenario).  I'm sure there's some kind of good reason for this, like perhaps the possibility of certain image types containing embedded exploit code of some kind, however there should be a way to override it and at least authorize a specific document/image as 'safe' so that I don't have to dismiss this modal dialog each and every time I open such a document.

I miss Windows 7 :( 

Incidentally, I've also noticed that the Details Pane is now on the right side rather than the bottom (where it's been since its inception in Vista) and it cannot be moved unless Explorer is replaced/patched by a tool such as OldNewExplorer (I'd rather not use such utilities if I can avoid it, though I did already install Classic Shell and Classic Start Menu because I couldn't actually find anything easily).

If anyone has a solution, please post (and no, removing the image or replacing it with a different type of image is not a solution, though it may work as a workaround).

Thanks

Link to post
Share on other sites

@exile360 What version of word are you on. My old 2007 had no issue or warning. 

Are using any other Windows settings for security than default?

Link to post
Share on other sites

It should be the latest; it's the free trial of Office365 that came with the machine and it should be fully patched as I've installed all available OS/software updates from MS.  It happens with Wordpad too, so whatever the issue is, it impacts more than just Word.

It may be some setting, but I haven't messed with much so I'm not sure what it would be.  I did see a ton of file association change messages after installing a major Win10 version update/upgrade, but I looked it up and it's a common issue (apparently the generic handler app for unassociated filetypes sometimes displays this issue).  The .RTF file is associated properly with Word though (as it should be if Word is installed; otherwise it would be Wordpad).

Link to post
Share on other sites

By the way, an older version of Word likely wouldn't display this issue.  I suspect it is specific to Windows 10 and MS' newer versions of their applications (it likely wouldn't happen with OpenOffice either).

Link to post
Share on other sites

Yep, I bet it's some exploit shielding thing similar to how MB/MBAE block VB scripting and whatnot in Word and other apps.  It is rather annoying though, especially since I know the image is safe since I'm the one who put it there.

I wish this were more like the normal file/document blocking implemented in older Windows versions for files that come from another machine where it writes hidden metadata to the file via ADS (Alternate Data Streams) because then I could just use the properties dialog to remove it, or better still, I could use my right-click>send to function for a handy CLI tool from Sysinternals that removes it automatically from any file(s) and/or folder.

Link to post
Share on other sites
  • 2 weeks later...
  • 2 months later...

Microsoft has changed the behavior of content blocking in Wordpad after patching a vulnerability that allowed to bypass the content blocking and resulted in Wordpad activating embedded content that could potentially result in OLE objects activation even when the document was downloaded from the web (and thus contain the "Mark of the Web" aka MOTW) or opened from network share. Among the things, you could eg. run Javascript code through MS IE libraries and plant and run arbitrary executable files. So, for Windows 10 v.1809 and below (including 8.1, 8, 7, Server 2012, 2016, 2008) they have "killed" a lot of OLE objects by setting the killbit to their respective CLSIDs. (Even Windows Media Player plugin got the killbit) and starting with v.1903 the content blocking is "stronger" and is enabled for any file, no matter if they come from the internet or was already on the local file system (eg. no 'MOTW' applied to the file) on a safe location, like for instance, the 'Desktop' folder. Also the fact that most people utilize Word to open files that are originally associated with Wordpad.

Refer to: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8307

At the moment there doesnt seem to exist a setting like eg. "EnableContentBlocking", but would be nice to have it and also have the flexibility to eg. only apply to network locations / files downloaded from the web / all files.

Link to post
Share on other sites

Yes, I had no problem with the ADS Microsoft added to files from the web by default (and I could easily erase it by adding MS Sysinternals Streams to my Send to menu (one for individual files, one for folders recursively by modifying the command line switches in the shortcuts), not to mention the fact that you can actually disable the 'mark of the web' (I like that name for it, very cool :)), leaving ultimate control over the feature/blocking in the hands of the user (even if disabling/removing it was somewhat obscure and tedious by default; understandable for safety's sake, as otherwise I'm sure many users would delete/disable it who should not).

I get that Microsoft is trying really hard to protect us from ourselves, but when the handholding becomes an iron fist with no option to control or disable it, that's the point where it crosses the line between a safety feature and an outright hobbling/limitation of the OS/software.  Even UAC can be disabled (though I don't advise anyone do so, not even the most knowledgeable of users), and that's a far more crucial security feature, at least in my opinion.

You can disregard the stuff in the spoiler tags below; it's just some not entirely related rantings about my current displeasure with Windows 10.

10 seems to have many such 'features' that can't be disabled/removed (like many of their apps that come preinstalled, even though I don't run any UWP apps ever, and have the ability to do so completely disabled in the OS) and it gets very frustrating, especially after getting used to the idea of being able to disable or remove nearly any major or minor component/program within the OS in older versions like 7 and 8/8.1.  Why does Microsoft always seem to steal the wrong ideas from the competition?  They want to emulate iOS/Android so they not only launch a new mobile platform which inevitably fails, but then continue to develop their desktop OS as though it were designed to run on a smart phone, even though it is completely incompatible with smart phones and their line of phones and the mobile OS have been discontinued.  Still we have no Aero glass and a flat, lifeless looking operating system with a confusing layout that makes Windows ME look user-friendly (seriously, why are their two completely different/separate interfaces/applications for accessing settings rather than a single control panel with applets as it was in the past, and why are there settings embedded in hidden menus only accessible from the sides of the screen and icons in the tray that control features having nothing to do with the desktop or the tray?).  Why can't I disable the DNS Client service; a completely optional service which is not required for internet connectivity or DNS lookups (it's purely for caching, and actually a liability when using a large HOSTS file as I always have in previous Windows versions, but now cannot without my system's performance taking a dive due to the fact that the service can't be disabled)?  Don't worry about all the 'questions' about MS' decisions; it's just a bunch of rhetorical stuff to vent my growing frustrations with 10.

It's funny, everyone kept telling me that 10 wasn't nearly as bad as I feared and was actually superior to 7, but I really don't see it.  Don't get me wrong, I see many improvements under the hood and substantial expansion of the inbuilt capabilities of the OS as well as support for many newer hardware standards, protocols and APIs, however I also see a locked down, wannabe mobile/Apple operating system (without any of the style or visual appeal of their competitors) and the shell looks like a mockup of a UI that a Product Manager would create in a few minutes to provide the Developers with an example of the basic layout that they want for a shell, not a completed, polished operating system's shell.  Even XP with its Fischer Price looking default Luna theme looked better than the flat, lifeless solid blocks of color used in 10 for the majority of UI elements.  It looks like a webpage from the early years of the web, especially in dark mode (just without all the animated GIFs :P), and while I can certainly appreciate a minimalist design, I cannot abide a design that just flat out looks lazy, but to me at least, that's how most of this OS strikes me.  At least 8 had the Metro UI (something I was no fan of at all, but at least it LOOKED interesting if customized).  The best I can do with 10 is change the color a bit, just as I could with previous versions of Windows, however there is no true glass/Aero theme any more and everything looks completely flat and 2-dimensional (a real step backwards when the rest of the world is moving towards VR and augmented reality, even Microsoft themselves with some of their own projects).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.