Security News > 2020 > October > Office 365 adds protection against downgrade and MITM attacks

Office 365 adds protection against downgrade and MITM attacks
2020-10-16 03:30

Microsoft is working on adding SMTP MTA Strict Transport Security support to Exchange Online to ensure Office 365 customers' email communication security and integrity.

Once MTA-STS is available in Office 365 Exchange Online, emails sent by users via Exchange Online will only one delivered using connections with both authentication and encryption, protecting against both email interception and attacks.

Given that mail servers will still deliver emails even though a properly secured TLS connection can't be created, SMTP connections are exposed to various attacks including downgrade and man-in-the-middle attacks.

"MTA-STS helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can't be negotiated, for example stop the transmission," the company explains in a Microsoft 365 roadmap entry.

Microsoft is also working on including support for the DNSSEC and DANE for SMTP to Office 365 Exchange Online.


News URL

https://www.bleepingcomputer.com/news/security/office-365-adds-protection-against-downgrade-and-mitm-attacks/