As part of the April 2014 Patch Tuesday, Microsoft released a security update (2878219) to fix a vulnerability in the way Microsoft Word reads and views RTF formatted files. Prior to the official fix, Microsoft offered a Fix It solution temporarily disable RTF accessibility in Microsoft Word. I even went through a few alternate solutions for blocking through the app and through GPO. These instructions are valuable for any file type you deem unworthy for your company to access. You can find those here:
Today, we learn that the security fix cannot be installed for Office Web Apps 2013 that has already had Service Pack 1 applied. When attempting to install, an error message will display:
The installation of this package failed.
The problem is in Service Pack 1, itself, and for the security fix to install correctly, the patch must be applied to a clean version of Office Web Apps 2013, meaning an installation without Service Pack 1 applied. Clearly, the security fix is critical, so if you want to secure Office Web Apps, you really will need to run through the steps to fix the problem.
The steps involve removing Office Web Apps configuration from the server, uninstalling Office Web Apps 2013, rebooting, reinstalling Office Web Apps Server, applying a cumulative update provided in December 2013, and then finally install April's RTF security fix.
The complete 7-step process is outlined in the following Microsoft blog post: